Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Malware has taken over my computer - please help

Post by snooker&molly » October 7th, 2009, 8:27 pm

I am experiencing severe speed reduction when using Internet Explorer and programs on my computer. I have run my virus scanner (McAfee), Malwarebytes, PC Tools Spyware Doctor and Windows Malicious Software Removal Tool. All have come back saying that they cannot find anything.

I have attempted to run ESET Online Scanner but after agreeing to the Terms and Conditions nothing appears to happen.

I have run HijackThis and the logs are below.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:21:09 AM, on 08-Oct-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1EAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9691285125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0321181252920176) (0321181252920176mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032118~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

The latest log for Malwarebytes is:

Malwarebytes' Anti-Malware 1.41
Database version: 2917
Windows 5.1.2600 Service Pack 3

08-Oct-09 10:31:42 AM
mbam-log-2009-10-08 (10-31-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 179027
Time elapsed: 58 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

Post by deltalima » October 11th, 2009, 3:04 pm

Hi snooker&molly,

Welcome to the Malware Removal forums.
My nickname is deltalima and I will be helping you with your computer problems.

HijackThis logs can take some time to research, so please be patient with me.

Please note the following:
  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • All of my posts need to be checked by a teacher, so please be patient while I attempt to remove your malware.

LIST OF PROGRAMS USING HIJACKTHIS
  • Open HijackThis.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
See this link for details.
http://img.bleepingcomputer.com/tutorials/hijackthis/uninstall-man.jpg
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 11th, 2009, 6:11 pm

Thank you for your help in advance!!

Log is below:

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1
AI Remote
Apple Mobile Device Support
Apple Software Update
Autorun Eater v2.3
BlackBerry Desktop Software 4.7
BlackBerry Desktop Software 4.7
Bonjour
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner (remove only)
CDBurnerXP
ClearType Tuning Control Panel Applet
C-Media 6501 Sound
CX4300_5500_DX4400 manual
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Printer Software
EPSON Scan
EPSON Scan Assistant
e-tax 2009
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
iTunes
Java(TM) 6 Update 15
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Ultimate 2007
Microsoft Office Ultimate 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB925673)
NVIDIA Drivers
OLYMPUS Master 2
PeerGuardian 2.0
PrimoPDF
QuickTime
Roxio Media Manager
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969679)
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB969682)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Spyware Doctor 6.1
Steam
Symantec Technical Support Web Controls
Tweak UI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Outlook 2007 (KB969907)
Update for Outlook 2007 Junk Email Filter (kb973514)
Update for Windows Internet Explorer 8 (KB973874)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Warhammer 40,000: Dawn of War II
WD Diagnostics
WD Drive Manager (x86)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver
Xvid 1.2.2 final uninstall
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

Post by deltalima » October 15th, 2009, 3:27 am

Hi snooker&molly,

Please re-open HijackThis and select Scan. Check the boxes next to all the entries listed below (if present):

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

Now close all other open windows and then click on Fix Checked. Close HijackThis.

Now please reboot the computer.

Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.
Important! Please do not select the "Show all" checkbox during the scan.

Please post the GMER log along with a new HijackThis log in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
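
The fix requested above targets an O2 entry that HijackThis reports with "(no file)". As an added example (not part of any post in this thread and not HijackThis's own code), this Python sketch parses HijackThis-style entry lines, flags entries whose target file is absent, and compares a before and an after log to confirm that a requested fix took effect; the sample lines are excerpted from the logs posted in this thread, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Excerpts from the HijackThis logs posted in this thread (before and after the fix).
LOG_BEFORE = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: McAfee Application Installer Cleanup (0321181252920176) (0321181252920176mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032118~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
LOG_AFTER = r"""
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O23 - Service: McAfee Application Installer Cleanup (0321181252920176) (0321181252920176mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032118~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""
TARGET = "O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)"

# An entry line starts with a section code such as R0, O2 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Suffixes HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass(frozen=True)
class Entry:
    section: str          # e.g. "O2"
    body: str             # everything after "<section> - "
    clsid: Optional[str]  # first CLSID in the body, if any
    orphaned: bool        # True when the line ends with an orphan marker


def parse_log(text: str) -> List[Entry]:
    """Return the entry lines of a log; header and process-list lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").rstrip()
        clsid = CLSID_RE.search(body)
        entries.append(Entry(
            section=m.group("section"),
            body=body,
            clsid=clsid.group(0) if clsid else None,
            orphaned=body.endswith(ORPHAN_MARKERS),
        ))
    return entries


def orphans(entries: List[Entry]) -> List[Entry]:
    """Entries pointing at a missing file. This marks a leftover reference only;
    it does not by itself say whether the entry was ever malicious."""
    return [e for e in entries if e.orphaned]


def diff_logs(before: List[Entry], after: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (removed, added) entries between two scans, in log order."""
    removed = [e for e in before if e not in after]
    added = [e for e in after if e not in before]
    return removed, added


def verify_fix(before_text: str, after_text: str, target_line: str) -> Tuple[bool, List[Entry]]:
    """Check that target_line was present before and is gone after.
    Also returns the orphaned entries that remain in the later log."""
    target = parse_log(target_line)
    if len(target) != 1:
        raise ValueError("target_line must be exactly one HijackThis entry")
    before, after = parse_log(before_text), parse_log(after_text)
    fixed = target[0] in before and target[0] not in after
    return fixed, orphans(after)


if __name__ == "__main__":
    fixed, remaining = verify_fix(LOG_BEFORE, LOG_AFTER, TARGET)
    print("target removed:", fixed)
    for e in remaining:
        print("still orphaned:", e.section, "-", e.body)
    removed, added = diff_logs(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    print("removed:", [e.body for e in removed], "added:", [e.body for e in added])
```
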

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:27 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:44 PM, on 15-Oct-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1EAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9691285125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0321181252920176) (0321181252920176mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032118~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 12302 bytes
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:29 am

GMER 1.0.15.15125 - http://www.gmer.net
Rootkit scan 2009-10-15 20:24:08
Windows 5.1.2600 Service Pack 3
Running: s4xiovdz.exe; Driver: C:\DOCUME~1\Simon\LOCALS~1\Temp\kfrcipob.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6E9D72]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6CA9A6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6CAB98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6EA568]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6EA820]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6E8A80]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6EAC8A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6EA036]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA6CA656]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xB29B34EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xB29B3635]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xB29B361F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xB29B352C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xB29B3661]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xB29B3470]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xB29B3484]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xB29B3500]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xB29B369D]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xB29B3609]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xB29B35F3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xB29B3689]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xB29B3675]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xB29B34D8]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB29B34C4]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xB29B364B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xB29B3542]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xB29B3516]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP B29B351A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP B29B34F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 3 Bytes JMP B29B3530 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection + 4 805B2008 3 Bytes [32, 90, 90]
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP B29B3546 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP B29B3504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenProcess 805CB40A 5 Bytes JMP B29B3474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805CB696 5 Bytes JMP B29B3488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805CDE54 5 Bytes JMP B29B34C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805D1704 5 Bytes JMP B29B34DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryValueKey 806219EA 7 Bytes JMP B29B35F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnloadKey 80622062 7 Bytes JMP B29B364F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 80622900 7 Bytes JMP B29B360D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 80623FF2 7 Bytes JMP B29B3639 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8062425C 7 Bytes JMP B29B3623 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwQueryKey 80624EAA 7 Bytes JMP B29B36A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRestoreKey 8062516A 5 Bytes JMP B29B3679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwReplaceKey 8062585E 5 Bytes JMP B29B368D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwNotifyChangeKey 80625978 5 Bytes JMP B29B3665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02470001
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[148] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01660001
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MSK\MskSrver.exe[252] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[324] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[384] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\WINDOWS\system32\nvsvc32.exe[384] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\nvsvc32.exe[384] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 002600B6
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260091
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260080
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026006F
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260054
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600F5
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600E4
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0026011A
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F8B
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F5C
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0026000A
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 002600C7
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026002F
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FDE
.text C:\Program Files\Internet Explorer\iexplore.exe[412] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F9C
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FB2
.text C:\Program Files\Internet Explorer\iexplore.exe[412] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F6B

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:30 am

.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025E0FEF
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025E0F5F
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025E0F70
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025E004A
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025E0F97
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025E002F
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025E0080
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025E006F
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025E0EF1
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025E0F0C
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 025E0EE0
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 025E0FA8
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 025E0FDE
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 025E0F4E
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 025E0FCD
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 025E0014
.text C:\WINDOWS\System32\svchost.exe[1064] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 025E0F1D
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 025D001B
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 025D007D
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 025D0FCA
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 025D0FE5
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 025D0062
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 025D000A
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 025D0047
.text C:\WINDOWS\System32\svchost.exe[1064] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 025D0036
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 025C0F8D
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!system 77C293C7 5 Bytes JMP 025C0FB2
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 025C0FDE
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_open 77C2F566 5 Bytes JMP 025C0FEF
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 025C0FC3
.text C:\WINDOWS\System32\svchost.exe[1064] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 025C000C
.text C:\WINDOWS\System32\svchost.exe[1064] WS2_32.dll!socket 71AB4211 5 Bytes JMP 025B000A
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 02560FEF
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02560FDE
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0256001E
.text C:\WINDOWS\System32\svchost.exe[1064] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 0256002F
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[1128] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008B0001
.text C:\Program Files\iPod\bin\iPodService.exe[1128] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\iPod\bin\iPodService.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\iPod\bin\iPodService.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00660FEF
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00660F72
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00660F83
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00660F94
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00660051
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00660FAF
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00660F3C
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00660084
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006600A6
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00660095
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00660EF2
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00660040
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00660000
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00660F4D
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00660FC0
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0066001B
.text C:\WINDOWS\system32\svchost.exe[1176] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00660F21
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00650014
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00650051
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00650FC3
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00650FD4
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00650F9E
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00650FEF
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00650040
.text C:\WINDOWS\system32\svchost.exe[1176] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0065002F
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1176] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00640047
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!system 77C293C7 5 Bytes JMP 00640FBC
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0064001B
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00640FEF
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 0064002C
.text C:\WINDOWS\system32\svchost.exe[1176] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1176] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00630FE5
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00A00000
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00A00F7E
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00A00F8F
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00A00069
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00A00FB6
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00A00FD1
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00A0009F
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00A00F57
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A000BA
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A00F21
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00A000D5
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00A00058
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00A0001B
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00A0008E
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00A0003D
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00A0002C
.text C:\WINDOWS\system32\svchost.exe[1264] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00A00F3C
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 009F0FC3
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 009F0F6B
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 009F0014
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 009F0FDE
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 009F0F86
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 009F0FEF
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 009F0FA1
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [BF, 88]
.text C:\WINDOWS\system32\svchost.exe[1264] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 009F0FB2
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 009E0040
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!system 77C293C7 5 Bytes JMP 009E002F
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 009E0FC6
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_open 77C2F566 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 009E0FB5
.text C:\WINDOWS\system32\svchost.exe[1264] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 009E0000
.text C:\WINDOWS\system32\svchost.exe[1264] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009D0000
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 028E0001
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[1336] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
.text C:\WINDOWS\system32\spoolsv.exe[1400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[1400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1520] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BE0089
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BE0F94
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BE0062
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BE0051
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BE0036
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BE00B5
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BE0F79
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BE0F37
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BE0F48
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BE0F1C
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BE0FAF
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BE000A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BE009A
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BE001B
.text C:\WINDOWS\system32\svchost.exe[1520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BE00C6
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00930040
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0093007D
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00930FEF
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0093001B
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00930062
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00930000
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00930051
.text C:\WINDOWS\system32\svchost.exe[1520] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00930FCA
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1520] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00920FA6
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!system 77C293C7 5 Bytes JMP 00920FB7
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00920FE3
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00920000
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00920FD2
.text C:\WINDOWS\system32\svchost.exe[1520] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0092001D
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00900000
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00900FE5
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 0090001B
.text C:\WINDOWS\system32\svchost.exe[1520] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00900FC0
.text C:\WINDOWS\system32\svchost.exe[1520] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00910FEF
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1552] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
snooker&molly

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:31 am

.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00830001
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1564] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F70FE5
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F70075
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F70064
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F70F8A
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F70047
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F70FAF
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F70F3E
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F70F59
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F700AB
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F70F12
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F700C6
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F70036
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F70FD4
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F70086
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F7001B
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F7000A
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F70F2D
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F60014
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F60F97
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F60FC3
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F60FA8
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F60FEF
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F6004A
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F60025
.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F50F9A
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F5001B
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F50FB5
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F5000A
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F50FC6
.text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F40FE5
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01460001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1776] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[1816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013B0001
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\Explorer.EXE[1816] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 021A0001
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[1836] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02A50001
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1892] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03B60001
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe[1932] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 028A0001
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03C50001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] kernel32.dll!CreateThread + 1B 7C8106F2 3 Bytes CALL 0044ACCE C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E80001
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
snooker&molly

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:31 am

.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 028A0001
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0041C130 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0041C1B0 c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee Proxy Service Module/McAfee, Inc.)
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[1980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe[2264] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03C50001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] kernel32.dll!CreateThread + 1B 7C8106F2 3 Bytes CALL 0044ACCE C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[2296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2340] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E80001
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[2380] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2400] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B40001
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\RunDll32.exe[2404] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

by snooker&molly » October 15th, 2009, 5:32 am

.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 027B0001
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2412] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PeerGuardian2\pg2.exe[2460] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 019E0001
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ASUS\AI Remote\AiRc.exe[2512] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EF0001
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ASUS\AI Remote\AiRemote.exe[2536] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01610001
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Microsoft ActiveSync\Wcescomm.exe[2584] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DA0001
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Windows Media Player\WMPNSCFG.exe[2600] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DF0001
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\RUNDLL32.EXE[2604] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260089
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F94
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260062
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260051
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260025
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600AE
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260F72
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600DA
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F41
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600F5
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260040
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260000
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600BF
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0035000A
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F83
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FC3
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FD4
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350040
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350025
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FA8
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215435 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E97F5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCE79 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED67C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E418F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E40C1 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E412C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3F92 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3FF4 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E41F2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4056 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FBE
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360049
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00360FE3
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360038
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036001D
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED6D8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E44F7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 01DE0000
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 01DE001B
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 01DE0FE5
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 01DE0FCA
.text C:\Program Files\Internet Explorer\iexplore.exe[2688] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02050FEF
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01960001
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\MI3AA1~1\rapimgr.exe[2748] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 15th, 2009, 5:32 am

.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01950001
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2772] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[2876] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[3088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0087
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0076
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A005B
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00C9
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00B8
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F44
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F5F
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0F29
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FA8
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A000A
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F81
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0FD4
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[3088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A0F70
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FAF
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029002F
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290FCA
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290FDB
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F72
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290000
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290F83
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
.text C:\WINDOWS\system32\svchost.exe[3088] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F94
.text C:\WINDOWS\system32\svchost.exe[3088] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[3088] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E001B
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F90
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FB5
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0FEF
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E000A
.text C:\WINDOWS\system32\svchost.exe[3088] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FC6
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[3188] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D90001
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[3220] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Windows Media Player\WMPNetwk.exe[3288] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0B7B0001
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\SearchIndexer.exe[3464] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006E0001
.text C:\WINDOWS\System32\alg.exe[3916] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\System32\alg.exe[3916] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[3916] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Simon\Desktop\s4xiovdz.exe[5556] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[412] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\services.exe[732] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\lsass.exe[744] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[912] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[968] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1064] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1176] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[1520] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\System32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!SetWindowsHookExW] 5F340000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\Program Files\Internet Explorer\iexplore.exe[2688] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\system32\svchost.exe[3088] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

---- EOF - GMER 1.0.15 ----
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

Post by deltalima » October 15th, 2009, 2:01 pm

Hi snooker&molly,

RSIT (Random's System Information Tool)
Please download RSIT by random/random... save it to your desktop.
  1. Double click on RSIT.exe to run it... read the disclaimer... click on Continue.
  2. RSIT will start running. When done... 2 log files... will be produced.
    The first one, "log.txt", will be maximized... the second one, "info.txt", will be minimized.
  3. Please post both... "log.txt" and "info.txt", file contents in your next reply.
(These logs can be lengthy, so post 1 log per reply please.)
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 16th, 2009, 7:19 am

Logfile of random's system information tool 1.06 (written by random/random)
Run by Simon at 2009-10-16 22:17:43
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 17 GB (17%) free of 100 GB
Total RAM: 2046 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:47 PM, on 16-Oct-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\System32\alg.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\ASUS\AI Remote\AiRc.exe
C:\Program Files\ASUS\AI Remote\AiRemote.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\MICROS~3\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\PROGRA~1\mcafee\msc\mcupdmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee\msc\mcupdui.exe
C:\Documents and Settings\Simon\Desktop\RSIT.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Simon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.smh.com.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Ai Remote Help] "C:\Program Files\ASUS\AI Remote\AiRc.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPSON Stylus CX5500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE /FU "C:\WINDOWS\TEMP\E_S1EAA.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9691285125
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O23 - Service: McAfee Application Installer Cleanup (0321181252920176) (0321181252920176mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\032118~1.EXE (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: WD Drive Manager Service (WDBtnMgrSvc.exe) - WDC - C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

--
End of file - 12482 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27B4851A-3207-45A2-B947-BE8AFE6163AB}]
McAfee Phishing Filter - c:\PROGRA~1\mcafee\msk\mskapbho.dll [2009-07-08 246800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll [2009-07-08 62784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2009-02-13 150032]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"C6501Sound"=RunDll32 c6501.cpl,CMICtrlWnd []
"Ai Remote Help"=C:\Program Files\ASUS\AI Remote\AiRc.exe [2007-01-19 3347456]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-17 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-17 86016]
"WD Drive Manager"=C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe [2008-01-30 438272]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2007-09-04 54576]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2009-07-10 645328]
"McENUI"=C:\PROGRA~1\McAfee\MHN\McENUI.exe [2009-07-07 1176808]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2009-05-13 177472]
"BlackBerryAutoUpdate"=C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe [2009-03-19 615696]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2008-11-10 236016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2009-07-22 1181064]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2007-09-04 95536]
"PeerGuardian"=C:\Program Files\PeerGuardian2\pg2.exe [2007-01-30 1432064]
"Steam"=C:\Program Files\Steam\Steam.exe [2009-06-11 1217784]
"EPSON Stylus CX5500 Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAP.EXE [2007-03-01 180736]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-10-18 204288]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Simon\Start Menu\Programs\Startup
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\MioNet\MioNetManager.exe"="C:\Program Files\MioNet\MioNetManager.exe:*:Enabled:MioNetManager"
"C:\Program Files\MioNet\jvm\bin\MioNet.exe"="C:\Program Files\MioNet\jvm\bin\MioNet.exe:*:Enabled:MioNet"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2009-10-16 22:17:43 ----D---- C:\rsit
2009-10-15 03:06:45 ----SHD---- C:\Config.Msi
2009-10-15 03:05:37 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-15 03:03:55 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-15 03:03:50 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-15 03:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-15 03:03:43 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-15 03:03:39 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-15 03:01:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-15 03:00:58 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-15 03:00:21 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$
2009-10-08 09:15:45 ----A---- C:\WINDOWS\system32\javaws.exe
2009-10-08 09:15:45 ----A---- C:\WINDOWS\system32\javaw.exe
2009-10-08 09:15:45 ----A---- C:\WINDOWS\system32\java.exe
2009-10-08 09:02:22 ----D---- C:\Program Files\Trend Micro
2009-10-07 14:49:27 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-07 14:49:18 ----D---- C:\Program Files\Spyware Doctor
2009-10-07 14:49:18 ----D---- C:\Documents and Settings\Simon\Application Data\PC Tools
2009-10-07 14:49:18 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-10-07 14:49:06 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-04 04:00:16 ----A---- C:\WINDOWS\imsins.BAK
2009-10-04 04:00:12 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$

======List of files/folders modified in the last 1 months======

2009-10-16 22:17:44 ----D---- C:\WINDOWS\Temp
2009-10-16 22:17:40 ----D---- C:\WINDOWS\Prefetch
2009-10-16 22:09:52 ----D---- C:\Program Files\PeerGuardian2
2009-10-16 17:39:34 ----D---- C:\Program Files\Steam
2009-10-16 17:35:50 ----D---- C:\WINDOWS\system32\drivers
2009-10-16 17:35:34 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-16 17:35:03 ----D---- C:\WINDOWS
2009-10-15 23:17:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-15 03:26:23 ----D---- C:\WINDOWS\system32
2009-10-15 03:26:23 ----D---- C:\Program Files\Internet Explorer
2009-10-15 03:15:16 ----RSD---- C:\WINDOWS\assembly
2009-10-15 03:13:02 ----D---- C:\WINDOWS\Microsoft.NET
2009-10-15 03:08:17 ----SHD---- C:\WINDOWS\Installer
2009-10-15 03:08:04 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-15 03:07:51 ----D---- C:\WINDOWS\WinSxS
2009-10-15 03:05:56 ----HD---- C:\WINDOWS\inf
2009-10-15 03:05:53 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-15 03:05:46 ----D---- C:\WINDOWS\ie8updates
2009-10-15 03:05:41 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-15 03:03:33 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-10-08 12:54:53 ----D---- C:\Documents and Settings\Simon\Application Data\uTorrent
2009-10-08 09:51:25 ----D---- C:\WINDOWS\Debug
2009-10-08 09:15:25 ----D---- C:\Program Files\Java
2009-10-08 09:02:22 ----RD---- C:\Program Files
2009-10-07 14:59:55 ----SHD---- C:\System Volume Information
2009-10-07 14:59:55 ----D---- C:\WINDOWS\system32\Restore
2009-10-07 14:49:27 ----D---- C:\Program Files\Common Files
2009-10-07 14:45:31 ----D---- C:\WINDOWS\network diagnostic
2009-10-07 14:23:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-10-04 21:42:54 ----D---- C:\etax2009
2009-10-03 22:21:15 ----D---- C:\WINDOWS\Help
2009-10-03 05:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-09-30 04:02:51 ----RSD---- C:\WINDOWS\Fonts
2009-09-30 04:02:48 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-09-30 04:02:32 ----D---- C:\Program Files\Microsoft Works
2009-09-30 04:01:01 ----D---- C:\Program Files\Common Files\System
2009-09-30 04:01:01 ----A---- C:\WINDOWS\win.ini
2009-09-28 11:24:00 ----D---- C:\WINDOWS\system32\LogFiles
2009-09-28 11:02:41 ----D---- C:\Documents and Settings\Simon\Application Data\LimeWire

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R1 AsIO;AsIO; C:\WINDOWS\system32\drivers\AsIO.sys [2006-10-19 12664]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-07-08 214024]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2009-07-16 120136]
R2 symlcbrd;symlcbrd; \??\C:\WINDOWS\system32\drivers\symlcbrd.sys []
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 cm102u32;C-Media CM6501 Like Sound Interface; C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 1419968]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-07-08 79816]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-07-08 35272]
R3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-07-08 34248]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-07-08 40552]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-28 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 NuidFltr;NUID filter driver; C:\WINDOWS\system32\DRIVERS\NuidFltr.sys [2009-05-09 14736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-17 6132576]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-09-30 34048]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-09-30 13056]
R3 pgfilter;pgfilter; \??\C:\Program Files\PeerGuardian2\pgfilter.sys []
R3 RimVSerPort;RIM Virtual Serial Port v2; C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-18 26496]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2006-02-28 5888]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-14 17152]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 RimUsb;BlackBerry Smartphone; C:\WINDOWS\System32\Drivers\RimUsb.sys [2008-05-20 22784]
S3 RT61;D-Link Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT61.sys [2006-05-04 380928]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-06-05 39424]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-14 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 wceusbsh;Windows CE USB Serial Host Driver; C:\WINDOWS\system32\DRIVERS\wceusbsh.sys [2006-11-06 28672]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2008-04-14 73472]
S4 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-02-28 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2009-02-11 210216]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2009-07-10 865832]
R2 McNASvc;McAfee Network Agent; c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe [2009-07-07 2482848]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2009-07-08 359952]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2009-07-08 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2009-07-10 894136]
R2 MSK80Service;McAfee Anti-Spam Service; C:\Program Files\McAfee\MSK\MskSrver.exe [2009-07-08 26640]
R2 NMSAccessU;NMSAccessU; C:\Program Files\CDBurnerXP\NMSAccessU.exe [2008-10-20 71096]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-17 163908]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-28 348824]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-07-22 1097096]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service; C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2008-01-30 106496]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2009-07-08 606736]
S2 0321181252920176mcinstcleanup;McAfee Application Installer Cleanup (0321181252920176); C:\WINDOWS\TEMP\032118~1.EXE C:\PROGRA~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service []
S2 Roxio Upnp Server 9;Roxio Upnp Server 9; C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe [2007-12-07 362992]
S2 RoxLiveShare9;LiveShare P2P Server 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe [2008-11-10 313840]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2008-11-10 170480]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MBackMonitor;MBackMonitor; C:\Program Files\McAfee\MBK\MBackMonitor.exe [2009-07-08 68112]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2009-07-08 365072]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2008-10-25 65888]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Roxio UPnP Renderer 9;Roxio UPnP Renderer 9; C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe [2007-12-07 88560]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2008-11-10 1108464]
S3 Symantec RemoteAssist;Symantec RemoteAssist; C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe [2008-01-29 394704]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
snooker&molly

Re: Malware has taken over my computer - please help

Post by snooker&molly » October 16th, 2009, 7:20 am

info.txt logfile of random's system information tool 1.06 2009-10-16 22:17:50

======Uninstall list======

-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->MsiExec.exe /I{48A669A9-76FA-4CA8-BFD5-00C125AC4166}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AI Remote-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0AFF134D-A6B4-4669-9573-36665FFD1F50}\setup.exe" -l0x9
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Autorun Eater v2.3-->"C:\Program Files\Autorun Eater\unins000.exe"
BlackBerry Desktop Software 4.7-->MsiExec.exe /I{5AD30BA1-7ACB-44DC-912C-D4702EC19769}
BlackBerry Desktop Software 4.7-->MsiExec.exe /i{5AD30BA1-7ACB-44DC-912C-D4702EC19769}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Camera RAW Plug-In for EPSON Creativity Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}\SETUP.EXE" -l0x9 UNINST
CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
CDBurnerXP-->"C:\Program Files\CDBurnerXP\unins000.exe"
ClearType Tuning Control Panel Applet-->MsiExec.exe /I{C9E4932C-8417-4E4C-A0E3-EE534810AB4D}
C-Media 6501 Sound-->C:\WINDOWS\Cmi6501Uninstall.exe C:\Program Files\C-Media 6501 Sound#C-Media 6501 Sound#C-Media 6501 Sound#
CX4300_5500_DX4400 manual-->C:\Program Files\EPSON\TPMANUAL\CX4300_5500_DX4400\ENG\USE_G\DOCUNINS.EXE
EPSON Attach To Email-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{20C45B32-5AB6-46A4-94EF-58950CAF05E5} /l1033 ADDREMOVEDLG
EPSON Copy Utility 3-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{67EDD823-135A-4D59-87BD-950616D6E857}\SETUP.EXE" -l0x9 -UnInstall
EPSON Easy Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}\SETUP.EXE" -l0x9 UNINST
EPSON File Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}\Setup.exe" -l0x9 UNINST
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON Scan Assistant-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}\Setup.exe" -l0x9 -u
EPSON Scan-->C:\Program Files\epson\escndv\setup\setup.exe /r
e-tax 2009-->MsiExec.exe /X{919F3D91-8374-410F-932B-A126F2C85426}
HijackThis 2.0.2-->"C:\Documents and Settings\Simon\Local Settings\Temporary Internet Files\Content.IE5\4L1W6W22\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft ActiveSync-->MsiExec.exe /I{99052DB7-9592-4522-A558-5417BBAD48EE}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Games for Windows - LIVE -->MsiExec.exe /X{4D243BA7-9AC4-46D1-90E5-EEB88974F501}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00BA-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0114-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0117-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office Access MUI (English) 2007-->MsiExec.exe /X{90120000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2007-->MsiExec.exe /X{90120000-00BA-0409-0000-0000000FF1CE}
Microsoft Office Groove Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0114-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2007-->MsiExec.exe /X{90120000-0044-0409-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2007-->MsiExec.exe /X{90120000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}
Microsoft Office Publisher MUI (English) 2007-->MsiExec.exe /X{90120000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Ultimate 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ULTIMATER /dll OSETUP.DLL
Microsoft Office Ultimate 2007-->MsiExec.exe /X{91120000-002E-0000-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MobileMe Control Panel-->MsiExec.exe /I{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 Parser and SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
MSXML 6.0 Parser (KB925673)-->MsiExec.exe /I{FE9126DB-5F84-495A-BB46-3C724F1C2D08}
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OLYMPUS Master 2-->MsiExec.exe /X{45FCADDB-0B29-457E-83A1-D245C62A716C}
PeerGuardian 2.0-->"C:\Program Files\PeerGuardian2\unins000.exe"
PrimoPDF-->"C:\WINDOWS\PrimoPDF4\uninstall.exe" "/U:C:\Program Files\activePDF\PrimoPDF\Uninstall\uninstallPrimoPDF4.xml"
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Roxio Media Manager-->MsiExec.exe /X{56BED62F-278A-407B-8BCD-E645EC96D2ED}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB969679)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C66E4A6C-6E07-4C63-8CCD-2493B5087C73}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Microsoft Office Excel 2007 (KB969682)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C03803BD-745A-46F8-8557-817DED578780}
Security Update for Microsoft Office Outlook 2007 (KB972363)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {120BE9A0-9B09-4855-9E0C-7DEE45CB03C0}
Security Update for Microsoft Office PowerPoint 2007 (KB957789)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7559E742-FF9F-4FAE-B279-008ED296CB4D}
Security Update for Microsoft Office Publisher 2007 (KB969693)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {7BE67088-1EB3-4569-8E75-DDAFBF61BC4E}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB969604)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {CF3D6499-709C-43D0-8908-BC5652656050}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Spyware Doctor 6.1-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Symantec Technical Support Web Controls-->MsiExec.exe /X{20C53FA2-4307-4671-A93F-9463B29DFCF1}
Tweak UI-->"C:\WINDOWS\system32\mshta.exe" "res://C:\WINDOWS\system32\TweakUI.exe/uninstall.hta"
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Outlook 2007 Junk Email Filter (KB974810)-->msiexec /package {91120000-002E-0000-0000-0000000FF1CE} /uninstall {C05FBAD5-A211-4E86-BB51-7E07B80C9233}
Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Warhammer 40,000: Dawn of War II-->"C:\Program Files\Steam\steam.exe" steam://uninstall/15620
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WD Drive Manager (x86)-->MsiExec.exe /X{51B833D8-66B0-4E72-92B9-4E4977EF37F2}
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)-->C:\PROGRA~1\DIFX\7B44739871F4D539FA473F57A832EA4B6A59EF06\DPInst.exe /d /u C:\WINDOWS\system32\DRVSTORE\amdk8_C074F64CC74B03BC354BB5DC973CCF768D5A7194\amdk8.inf
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Xvid 1.2.2 final uninstall-->"C:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file) [2009-10-15]

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: MAINFRAME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 18419
Source Name: Tcpip
Time Written: 20090910033645.000000+600
Event Type: warning
User:

Computer Name: MAINFRAME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 18418
Source Name: Tcpip
Time Written: 20090910020126.000000+600
Event Type: warning
User:

Computer Name: MAINFRAME
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 18417
Source Name: W32Time
Time Written: 20090909111239.000000+600
Event Type: warning
User:

Computer Name: MAINFRAME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 18416
Source Name: Tcpip
Time Written: 20090909105830.000000+600
Event Type: warning
User:

Computer Name: MAINFRAME
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 17865
Source Name: Tcpip
Time Written: 20090908175711.000000+600
Event Type: warning
User:

=====Application event log=====

Computer Name: MAINFRAME
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 37532
Source Name: crypt32
Time Written: 20090902190337.000000+600
Event Type: error
User:

Computer Name: MAINFRAME
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: A connection with the server could not be established


Record Number: 37531
Source Name: crypt32
Time Written: 20090902190337.000000+600
Event Type: error
User:

Computer Name: MAINFRAME
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 37530
Source Name: crypt32
Time Written: 20090902190245.000000+600
Event Type: error
User:

Computer Name: MAINFRAME
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 37529
Source Name: crypt32
Time Written: 20090902190245.000000+600
Event Type: error
User:

Computer Name: MAINFRAME
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.


Record Number: 37528
Source Name: crypt32
Time Written: 20090902185945.000000+600
Event Type: error
User:

=====Security event log=====

Computer Name: MAINFRAME
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: -

Interface: -

Name: -

Port number: 1706

Protocol: TCP

State: Enabled

Scope: All subnets

Record Number: 53396
Source Name: Security
Time Written: 20090930031446.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MAINFRAME
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: -

Interface: -

Name: -

Port number: 1705

Protocol: TCP

State: Enabled

Scope: All subnets

Record Number: 53395
Source Name: Security
Time Written: 20090930031446.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MAINFRAME
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: -

Interface: -

Name: -

Port number: 1704

Protocol: TCP

State: Enabled

Scope: All subnets

Record Number: 53394
Source Name: Security
Time Written: 20090930031446.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MAINFRAME
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: -

Interface: -

Name: -

Port number: 1703

Protocol: TCP

State: Enabled

Scope: All subnets

Record Number: 53393
Source Name: Security
Time Written: 20090930031446.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

Computer Name: MAINFRAME
Event Code: 850
Message: A port was listed as an exception when the Windows Firewall started.



Policy origin: Local Policy

Profile used: -

Interface: -

Name: -

Port number: 1702

Protocol: TCP

State: Enabled

Scope: All subnets

Record Number: 53392
Source Name: Security
Time Written: 20090930031446.000000+600
Event Type: audit success
User: NT AUTHORITY\SYSTEM

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 67 Stepping 3, AuthenticAMD
"PROCESSOR_REVISION"=4303
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------
snooker&molly
Regular Member
 
Posts: 15
Joined: October 7th, 2009, 6:27 pm

Re: Malware has taken over my computer - please help

Unread postby deltalima » October 16th, 2009, 4:23 pm

Hi snooker&molly,


Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    Code:
    @echo off
    rem -a lists all connections and listening ports, -b names the executable that owns each one
    netstat -ab >> results.txt 2>>&1
    start notepad results.txt
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.

  • Please go Here then click on: Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Please post the Eset log and the log from xxx.bat in your next reply.
deltalima
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
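
An added example, not part of deltalima's post or the forum's tooling: a Python sketch for reading the results.txt that xxx.bat produces, grouping rows by owning executable and counting SYN_SENT rows, which are outbound connect attempts still in progress (what the limit in the Tcpip event 4226 warnings above counts). The sample output, executable names, PIDs and addresses are constructed, and the row layout (connection row, optional component lines, then the owner in brackets) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample (hypothetical hosts, PIDs and executable names) in the
# assumed layout: connection row, optional component lines, "[owner.exe]".
SAMPLE = r"""
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    MAINFRAME:epmap        MAINFRAME:0            LISTENING       1040
  c:\windows\system32\WS2_32.dll
  [svchost.exe]

  TCP    MAINFRAME:1702         MAINFRAME:0            LISTENING       2312
  [example-app.exe]

  TCP    MAINFRAME:3051         192.0.2.10:http        ESTABLISHED     3120
  [iexplore.exe]

  TCP    MAINFRAME:3060         198.51.100.7:6881      SYN_SENT        2312
  [example-app.exe]

  TCP    MAINFRAME:3061         198.51.100.8:6881      SYN_SENT        2312
  [example-app.exe]

  UDP    MAINFRAME:ntp          *:*                                    1104
  [svchost.exe]
"""

# Proto, local, foreign, optional state (UDP rows have none), optional PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)"
                 r"(?:\s+([A-Z][A-Z_0-9]*))?(?:\s+(\d+))?\s*$")
OWNER = re.compile(r"^\s*\[(.+?)\]\s*$")


def parse_netstat_ab(text):
    """Return one dict per connection row, with the owning executable attached."""
    conns, pending = [], None
    for line in text.splitlines():
        row = ROW.match(line)
        if row:
            if pending:                  # previous row never got an owner line
                conns.append(pending)
            proto, local, foreign, state, pid = row.groups()
            pending = {"proto": proto, "local": local, "foreign": foreign,
                       "state": state or "", "pid": pid, "owner": "(unknown)"}
            continue
        owner = OWNER.match(line)
        if owner and pending:            # component and other lines are skipped
            pending["owner"] = owner.group(1).lower()
            conns.append(pending)
            pending = None
    if pending:
        conns.append(pending)
    return conns


def summarise(conns):
    """Per executable: listening ports, SYN_SENT count, remote endpoints."""
    out = defaultdict(lambda: {"listening": set(), "syn_sent": 0, "remote": set()})
    for c in conns:
        s = out[c["owner"]]
        if c["state"] == "LISTENING":
            # Without -n, netstat prints service names, so keep the port as text.
            s["listening"].add(c["local"].rsplit(":", 1)[1])
        elif c["state"] == "SYN_SENT":
            s["syn_sent"] += 1
        if c["state"] in ("ESTABLISHED", "SYN_SENT"):
            s["remote"].add(c["foreign"])
    return dict(out)


if __name__ == "__main__":
    for owner, s in sorted(summarise(parse_netstat_ab(SAMPLE)).items()):
        print(f"{owner:18} listening={sorted(s['listening'])} "
              f"syn_sent={s['syn_sent']} remote={sorted(s['remote'])}")
```

Rows whose owner line is missing or reads as an ownership error are kept with the owner `(unknown)` rather than dropped, so they still show up in the summary.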