Here we go again.
Here is my DDS.TXT:
DDS (Ver_09-02-01.01) - NTFSx86
Run by Administrator at 21:58:01.14 on Wed 02/25/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2107 [GMT -5:00]
AV: BitDefender Antivirus *On-access scanning enabled* (Outdated)
FW: BitDefender Firewall *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe
C:\WINDOWS\System32\svchost.exe -kbdx
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\scthemes\scthemes.exe
C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\taskmgr.exe
c:\program files\bitdefender\bitdefender 2009\seccenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator.DANNY2\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: c:\windows\system32\hhs3ijndfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hhs3ijndfd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [p09nkhcojrpvdkznrcx5ilq2yv0ebf2q4no5oi4x3] c:\docume~1\admini~1.dan\locals~1\temp\a84la8g.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RRT-Auto] c:\rrt\RRT.exe auto
dRun: [Spyware Doctor] "c:\program files\spyware doctor\swdoctor.exe" /Q
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
StartupFolder: c:\docume~1\admini~1.dan\startm~1\programs\startup\screen~1.lnk - c:\scthemes\scthemes.exe
StartupFolder: c:\docume~1\admini~1.dan\startm~1\programs\startup\thoosj~1.lnk - c:\program files\thoosje vista sidebar\Thoosje Sidebar.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\11bgpc~1.lnk - c:\program files\oem\11bg pci&cardbus wireless lan utility\RtWLan.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-f400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\adobea~2.lnk - c:\program files\adobe\acrobat 8.0\acrobat\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
StartupFolder: c:\docume~1\alluse~1.win\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
uPolicies-explorer: NoFolderOptions = 1 (0x1)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-system: DisableRegistryTools = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
IE: &Winamp Search - c:\documents and settings\all users.windows\application data\winamp toolbar\ietoolbar\resources\en-us\local\search.html
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - {A1EDC4A1-940F-48E0-8DFD-E38F1D501021} - c:\progra~1\spywar~1\tools\iesdpb.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/buxus/docs/OnlineScanner.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 4683325406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-01.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: utsync - utsync.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\hhs3ijndfd.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hhs3ijndfd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
============= SERVICES / DRIVERS ===============
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-2-12 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-2-12 16768]
R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-7-2 82568]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [2008-11-27 38144]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0;c:\program files\common files\nero\nero backitup 4\NBService.exe [2008-11-25 935208]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-8-12 108864]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2008-8-14 102208]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2008-7-17 118784]
=============== Created Last 30 ================
2009-02-24 23:53 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Windows Search
2009-02-24 20:45 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-24 20:45 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-24 19:10 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-02-24 00:05 <DIR> --d----- C:\RRT
2009-02-24 00:01 16,244 a------- c:\windows\system32\rrt_is.wav
2009-02-24 00:01 7,302 a------- c:\windows\system32\rrt_vf.wav
2009-02-24 00:01 7,148 a------- c:\windows\system32\rrt_tv.wav
2009-02-24 00:01 6,282 a------- c:\windows\system32\rrt_tn.wav
2009-02-23 23:53 <DIR> --d----- C:\myRTVAULT
2009-02-23 23:53 <DIR> --d----- C:\MyRT
2009-02-23 21:49 0 a------- C:\bwrsnohl.exe
2009-02-23 21:49 0 a------- C:\eslb.exe
2009-02-23 21:48 1 a------- c:\windows\system32\uniq.tll
2009-02-23 21:48 0 a------- C:\aheg.exe
2009-02-23 21:48 0 a------- C:\puphu.exe
2009-02-23 21:47 0 a------- C:\484847148
2009-02-23 21:47 1,980 a------- C:\hjotfjn.exe
2009-02-23 21:47 27,136 a------- c:\windows\system32\frmwrk32.exe
2009-02-23 21:47 27,136 a------- C:\mpypakmw.exe
2009-02-23 21:47 40,448 a------- C:\kyamdorp.exe
2009-02-23 21:47 1,980 a------- C:\wxhymf.exe
2009-02-23 21:47 39,936 a------- c:\windows\Hregogodinirey.dll
2009-02-23 21:47 15,000 a------- c:\windows\system32\hhs3ijndfd.dll
2009-02-23 21:47 39,936 a------- C:\sqmarv.exe
2009-02-23 17:40 <DIR> --d----- c:\program files\EsetOnlineScanner
2009-02-22 12:12 <DIR> --d----- c:\program files\Microsoft
2009-02-22 12:11 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Windows Desktop Search
2009-02-22 12:10 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-02-22 12:10 <DIR> --d----- c:\program files\Windows Desktop Search
2009-02-22 12:10 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-02-22 12:10 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-02-22 12:10 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-02-21 16:34 <DIR> --d----- C:\ComboFix
2009-02-21 13:24 <DIR> --d----- c:\windows\system32\XPSViewer
2009-02-21 13:23 117,760 -------- c:\windows\system32\prntvpt.dll
2009-02-21 13:23 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-02-21 13:23 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-02-21 13:23 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-02-21 13:23 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-02-21 13:23 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-02-21 13:23 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-02-21 12:53 <DIR> --d----- c:\program files\Messenger
2009-02-21 12:28 6,066,688 -c------ c:\windows\system32\dllcache\ieframe.dll
2009-02-21 12:28 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2009-02-21 12:28 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2009-02-21 12:28 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2009-02-21 12:28 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2009-02-21 12:28 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2009-02-21 12:28 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2009-02-21 12:28 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2009-02-21 12:28 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2009-02-21 11:43 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2009-02-21 10:42 <DIR> a-dshr-- C:\cmdcons
2009-02-21 10:39 161,792 a------- c:\windows\SWREG.exe
2009-02-21 10:39 98,816 a------- c:\windows\sed.exe
2009-02-20 05:13 124 a------- c:\windows\wininit.ini
2009-02-19 17:20 250 a------- c:\windows\gmer.ini
2009-02-16 20:10 268,648 a------- c:\windows\system32\mucltui.dll
2009-02-16 20:10 27,496 a------- c:\windows\system32\mucltui.dll.mui
2009-02-15 01:03 <DIR> --d----- c:\program files\Trend Micro
2009-02-14 22:43 643 a------- c:\windows\win.tmp
2009-02-14 22:43 227 a------- c:\windows\system.tmp
2009-02-14 22:23 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\BitDefender
2009-02-14 22:23 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\BitDefender
2009-02-14 22:22 <DIR> --d----- c:\program files\common files\BitDefender
2009-02-14 14:28 81,984 a------- c:\windows\system32\bdod.bin
2009-02-14 12:35 850 a------- c:\windows\system32\ProductTweaks.xml
2009-02-14 12:35 385 a------- c:\windows\system32\user_gensett.xml
2009-02-14 12:25 <DIR> --d----- c:\windows\system32\logs
2009-02-14 12:24 <DIR> --d----- c:\program files\BitDefender
2009-02-14 12:24 <DIR> --d----- c:\windows\system32\URTTEMP
2009-02-14 11:41 750,984 a------- c:\windows\system32\Magentic Screensaver.scr
2009-02-14 11:41 <DIR> --d----- c:\program files\Magentic
2009-02-14 11:22 <DIR> --ds---- c:\documents and settings\administrator.danny2\UserData
2009-02-14 10:33 <DIR> --d----- c:\program files\Thoosje Vista Sidebar
2009-02-14 10:29 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\RapidSolution
2009-02-14 10:29 <DIR> --d----- c:\program files\RapidSolution
2009-02-14 10:17 <DIR> --d----- c:\program files\Winamp Toolbar
2009-02-14 10:17 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Winamp Toolbar
2009-02-14 09:56 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\PC Tools
2009-02-14 09:49 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-02-14 09:49 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-02-14 09:48 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-14 09:48 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-14 09:48 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-14 09:48 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-14 09:47 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-02-14 09:47 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-02-14 09:46 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-02-14 09:46 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-02-14 09:45 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\River Past G5
2009-02-14 09:45 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\River Past G5
2009-02-13 22:37 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-02-13 22:37 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-13 22:37 <DIR> --d----- c:\program files\iPod
2009-02-13 22:37 <DIR> --d----- c:\program files\iTunes
2009-02-13 22:37 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-02-13 22:36 <DIR> --d----- c:\program files\Bonjour
2009-02-13 22:04 74,240 -c------ c:\windows\system32\dllcache\mscms.dll
2009-02-13 22:04 361,600 ac------ c:\windows\system32\dllcache\tcpip.sys
2009-02-13 22:04 245,248 ac------ c:\windows\system32\dllcache\mswsock.dll
2009-02-13 22:04 100,352 ac------ c:\windows\system32\dllcache\6to4svc.dll
2009-02-13 22:04 138,496 -c------ c:\windows\system32\dllcache\afd.sys
2009-02-13 22:01 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-02-13 22:00 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\Nero
2009-02-13 21:59 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-02-13 21:11 32,592 a------- c:\windows\system32\msonpmon.dll
2009-02-13 21:08 <DIR> --d----- c:\program files\Microsoft Visual Studio 8
2009-02-13 20:55 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\1Click DVD Movie
2009-02-13 20:55 87,608 a------- c:\docume~1\admini~1.dan\applic~1\ezpinst.exe
2009-02-13 20:55 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-02-13 20:55 47,360 a------- c:\docume~1\admini~1.dan\applic~1\pcouffin.sys
2009-02-13 20:54 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\Lexmark Productivity Studio
2009-02-13 20:41 <DIR> --d----- c:\docume~1\admini~1.dan\applic~1\JAM Software
2009-02-12 23:02 49,152 a------- c:\windows\system32\FTPStubInstUtils.dll
2009-02-12 23:02 <DIR> --d----- c:\program files\WS_FTP Pro
2009-02-12 23:02 306,688 a------- c:\windows\ISUninst.exe
2009-02-12 22:35 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IncrediMail
2009-02-12 22:32 <DIR> --d----- c:\docume~1\alluse~1.win\applic~1\IM
2009-02-12 21:56 16,768 a------- c:\windows\system32\drivers\BS_I2cIo.sys
2009-02-12 21:31 219 a------- c:\windows\stsaver.ini
2009-02-12 21:09 3,932,214 a------- c:\windows\ScreenThemes.bmp
2009-02-12 20:53 273,408 a------- c:\windows\system32\lfcmp11n.dll
2009-02-12 20:53 226,304 a------- c:\windows\system32\ltefx11n.dll
2009-02-12 20:53 126,976 a------- c:\windows\system32\ltimg11n.dll
2009-02-12 20:53 36,864 a------- c:\windows\system32\lfbmp11n.dll
2009-02-12 20:53 356,864 a------- c:\windows\system32\ltkrn11n.dll
2009-02-12 20:53 244,224 a------- c:\windows\system32\ltdis11n.dll
2009-02-12 20:53 111,616 a------- c:\windows\system32\ltfil11n.dll
2009-02-12 20:53 155,648 a------- c:\windows\system32\stsaver.scr
2009-02-12 20:53 327 a------- c:\windows\scthemes.ini
2009-02-12 20:52 635 a------- c:\windows\ef.INI
2009-02-12 20:40 12,598 a------- c:\windows\system32\wpa.bak
2009-02-12 20:36 21,035 a------- c:\windows\system32\drivers\AegisP.sys
2009-02-12 20:36 308,992 a----r-- c:\windows\system32\drivers\rtl8185.sys
2009-02-12 20:36 308,992 -----r-- c:\windows\system\rtl8185.sys
2009-02-12 20:33 940,794 a------- c:\windows\system32\LoopyMusic.wav
2009-02-12 20:33 146,650 a------- c:\windows\system32\BuzzingBee.wav
2009-02-12 20:32 <DIR> --d----- c:\program files\BIOS
2009-02-12 20:31 36,864 a------- c:\windows\system32\drivers\AmdK8.sys
2009-02-12 20:22 520,192 a------- c:\windows\RtlExUpd.dll
2009-02-12 20:22 315,392 a------- c:\windows\HideWin.exe
2009-02-12 20:22 81,496 a------- c:\windows\system32\nvapps.xml
2009-02-12 20:22 208,896 a------- c:\windows\system32\nvudisp.exe
2009-02-12 20:22 17,056 a------- c:\windows\system32\nvdisp.nvu
2009-02-12 20:21 22 a------- c:\windows\FileName
2009-02-12 20:20 446,464 a------- c:\windows\system32\CapabilityTable.exe
2009-02-12 20:20 356,352 -------- c:\windows\system32\nvuide.exe
2009-02-12 20:20 1,570 -------- c:\windows\system32\nvide.nvu
2009-02-12 20:20 1,732 a------- c:\windows\system32\drivers\nvphy.bin
2009-02-12 20:20 356,352 a------- c:\windows\system32\nvunrm.exe
2009-02-12 20:20 3,903 a------- c:\windows\system32\nvnrm.nvu
2009-02-12 20:20 356,352 a------- c:\windows\system32\NVUNINST.EXE
2009-02-12 20:20 13,696 a----r-- c:\windows\system32\drivers\BIOS.sys
2009-02-12 20:15 <DIR> --d----- c:\documents and settings\Administrator.DANNY2
2009-02-12 20:04 8,192 a------- c:\windows\REGLOCS.OLD
2009-02-12 20:02 571,392 ac------ c:\windows\system32\dllcache\tintlgnt.ime
2009-02-12 20:01 78,848 ac------ c:\windows\system32\dllcache\dayi.ime
2009-02-12 20:00 2,577 a------- c:\windows\system32\CONFIG.NT
2009-02-12 20:00 0 a------- c:\windows\control.ini
2009-02-12 20:00 23,392 a------- c:\windows\system32\nscompat.tlb
2009-02-12 20:00 16,832 a------- c:\windows\system32\amcompat.tlb
2009-02-12 20:00 316,640 a------- c:\windows\WMSysPr9.prx
2009-02-12 19:59 <DIR> --dsh--- c:\documents and settings\all users.windows\DRM
2009-02-12 19:59 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-02-12 19:59 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-02-12 19:57 239,104 a------- c:\windows\system32\srrstr.dll
2009-02-12 19:56 5,632 ac------ c:\windows\system32\dllcache\write.exe
2009-02-12 14:53 3,072 a------- c:\windows\system32\drivers\audstub.sys
2009-02-12 14:52 57,600 a------- c:\windows\system32\drivers\redbook.sys
2009-02-12 14:51 74,240 a------- c:\windows\system32\usbui.dll
2009-02-12 14:49 <DIR> --d--r-- c:\documents and settings\all users.windows\Documents
2009-02-12 14:47 261 a------- c:\windows\system32\$winnt$.inf
2009-02-10 22:55 <DIR> --d----- c:\program files\JAM Software
2009-02-08 22:18 <DIR> --d----- C:\scthemes
2009-02-07 15:56 <DIR> --d----- c:\program files\NEATO
2009-02-07 15:54 <DIR> --d----- c:\program files\Lexmark Fax Solutions
2009-02-07 15:53 <DIR> --d----- c:\program files\Lexmark Tools for Office
2009-02-07 15:52 <DIR> --d----- c:\program files\Lexmark Toolbar
2009-02-07 15:51 <DIR> --d----- c:\program files\Lexmark 2600 Series
2009-02-07 15:07 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-02-06 14:16 <DIR> --d----- C:\VundoFix Backups
2009-02-05 00:38 <DIR> --d----- c:\windows\system32\NtmsData
2009-02-05 00:22 <DIR> --d----- c:\program files\MSConfig CleanUp
2009-02-04 10:35 <DIR> --d----- c:\program files\SopFilter
2009-02-04 10:31 <DIR> --d----- C:\ProgramData
2009-02-04 10:13 <DIR> --d----- c:\program files\Readon Technology
2009-01-30 21:02 <DIR> --d----- c:\program files\Jasc Software Inc
==================== Find3M ====================
2009-02-21 12:54 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-02-14 23:59 242,184 a------- c:\windows\system32\drivers\bdfsfltr.sys
2009-02-14 23:59 82,696 a------- c:\windows\system32\drivers\BDVEDISK.sys
2009-02-12 19:57 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-20 18:15 826,368 a------- c:\windows\system32\wininet.dll
2008-12-10 19:33 200,704 a------- c:\windows\system32\dtu100.dll
2008-12-10 19:33 86,016 a------- c:\windows\system32\dpl100.dll
2008-12-08 21:28 593,920 a------- c:\windows\system32\dpuGUI11.dll
2008-12-08 21:28 344,064 a------- c:\windows\system32\dpus11.dll
2008-12-08 21:28 294,912 a------- c:\windows\system32\dpu11.dll
2008-12-08 21:28 57,344 a------- c:\windows\system32\dpv11.dll
2007-02-12 19:10 2,682,880 -------- c:\documents and settings\all users.windows\VCREDI~3.EXE
============= FINISH: 21:58:43.09 ===============
And my gmer.txt file:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-25 22:19:32
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.14 ----
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xB55B8BCE]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xB55B8CBC]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xB55B8B32]
---- Kernel code sections - GMER 1.0.14 ----
? C:\WINDOWS\TEMP\mc22.tmp The system cannot find the file specified. !
? System32\Drivers\41172c7a.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.14 ----
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[116] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[240] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[340] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[360] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe[420] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\svchost.exe[476] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
.text C:\WINDOWS\System32\svchost.exe[476] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F05001E
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcLog.exe[616] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\nvsvc32.exe[636] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] user32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] user32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\sdhelp.exe[672] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1060] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\csrss.exe[1060] KERNEL32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\csrss.exe[1060] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[1084] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\services.exe[1128] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\services.exe[1128] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\services.exe[1128] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\lsass.exe[1140] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\lsass.exe[1140] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\lsass.exe[1140] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1316] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1316] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1316] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1384] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1384] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F08001E
.text C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe[1524] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F05001E
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\System32\svchost.exe[1556] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\System32\svchost.exe[1556] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\svchost.exe[1556] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1648] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1648] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\NVIDIA~1\NETWOR~1\bin\nSvcIp.exe[1664] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\svchost.exe[1896] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\svchost.exe[1896] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\svchost.exe[1896] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\svchost.exe[1896] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, D0, 2B, 40, 60, E9, D1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, D8, B5, 41, 60, E9, 91, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 88, 65, 41, 60, E9, 01, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, F8, 64, 42, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, A8, D7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 38, AB, 41, 60, E9, 61, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, A8, 5A, 41, 60, E9, E1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 48, BB, 41, 60, E9, B1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 58, A0, 41, 60, E9, 81, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, C8, A5, 41, 60, E9, E1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, A8, 6D, 40, 60, E9, B1, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 18, 60, 41, 60, E9, 01, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes CALL 65F26F97
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 68, 6A, 42, 60, E9, 71, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, C0, C8, 41, 60, E9, 12, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 50, C3, 41, 60, E9, 74, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 38, 91, 40, 60, E9, 53, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, B0, 36, 40, 60, E9, 8F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 28, 80, 42, 60, E9, BF, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, F8, E5, 40, 60, E9, 2D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, B8, 7A, 42, 60, E9, F8, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 40, 31, 40, 60, E9, 28, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 28, EF, 40, 60, E9, 1F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 30, CE, 41, 60, E9, 9F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, A0, CF, 40, 60, E9, 76, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes CALL 65E1D93C
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 48, 75, 42, 60, E9, 6C, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 20, 3C, 40, 60, E9, 4C, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 98, 85, 42, 60, E9, 10, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 88, A1, 40, 60, E9, 57, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 48, 0F, 41, 60, E9, 44, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 18, 9C, 40, 60, E9, BD, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 68, 45, 41, 60, E9, 29, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, D8, 4A, 41, 60, E9, DA, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 88, 3A, 41, 60, E9, 73, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, F8, 3F, 41, 60, E9, 50, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, D8, B1, 40, 60, E9, F3, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!connect 71AB4A07 10 Bytes JMP 5FE96041
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, C8, E2, 41, 60, E9, 3F, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 48, B7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, C8, F9, 40, 60, E9, 6B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 90, 6D, 41, 60, E9, 89, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 08, 7B, 41, 60, E9, 89, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 00, 73, 41, 60, E9, 30, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes CALL 6143AFCB
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 78, 80, 41, 60, E9, 8D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 38, FF, 40, 60, E9, 7D, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, A8, 04, 41, 60, E9, E5, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 28, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 98, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 68, AC, 40, 60, E9, 9B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 38, 2A, 41, 60, E9, A0, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 18, 35, 41, 60, E9, CB, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, C8, 24, 41, 60, E9, 3B, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, C8, 8B, 40, 60, E9, 57, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, A8, 2F, 41, 60, E9, 26, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, F8, A6, 40, 60, E9, 69, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 58, 86, 40, 60, E9, 55, ... ]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1976] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, B8, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2020] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\Explorer.EXE[2180] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\Explorer.EXE[2180] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[2180] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\Explorer.EXE[2180] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\RunDLL32.exe[2568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\RTHDCPL.EXE[2772] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[2856] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[2880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Winamp\winampa.exe[2904] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Winamp\winampa.exe[2904] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Winamp\winampa.exe[2904] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Winamp\winampa.exe[2904] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2932] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[2944] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\swdoctor.exe[2952] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2988] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\OEM\11bg PCI&Cardbus Wireless LAN Utility\RtWLan.exe[3004] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\PROGRA~1\Magentic\bin\MgApp.exe[3016] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[3152] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\WinZip\WZQKPICK.EXE[3536] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes [ B5, 53, 7F, E2 ]
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text c:\program files\bitdefender\bitdefender 2009\seccenter.exe[3680] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[3688] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\scthemes\scthemes.exe[3768] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\scthemes\scthemes.exe[3768] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\scthemes\scthemes.exe[3768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\scthemes\scthemes.exe[3768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F150F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F110F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0E0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Thoosje Vista Sidebar\Thoosje Sidebar.exe[3776] GDI32.dll!Escape 77F26F5A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes CALL 65F11292
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 98, 68, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 10, 70, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, B8, DA, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 48, AE, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, B8, 5D, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 58, BE, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 68, A3, 41, 60, E9, 81, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, D8, A8, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 28, 63, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, F8, 1C, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 80, 75, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, D8, D3, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 68, CE, 41, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 40, 8B, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateEventW 7C80A739 10 Bytes JMP AA6A077E
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D0, 85, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 38, F2, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 60, C6, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 48, D9, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, B0, D2, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 60, 80, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B0, 90, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 58, 12, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 78, 48, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes CALL 65E76BDE
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 98, 3D, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 08, 43, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, D8, FC, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, A0, 70, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 18, 7E, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 10, 76, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, F8, 88, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 88, 83, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 48, 02, 41, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, B8, 07, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 48, 2D, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 28, 38, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, D8, 27, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, B8, 32, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, C8, BF, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes CALL 5B0B532C
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!connect 71AB4A07 10 Bytes CALL 5B0B8C01
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, E0, ED, 41, 60, E9, 3F, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 58, BA, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 38, C5, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\taskmgr.exe[4780] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, A8, CA, 40, 60, E9, 74, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 70, 2F, 40, 60, E9, D1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 78, B2, 41, 60, E9, 91, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 28, 62, 41, 60, E9, 01, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 20, 66, 42, 60, E9, 11, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 48, D4, 40, 60, E9, 11, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, D8, A7, 41, 60, E9, 61, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 48, 57, 41, 60, E9, E1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes CALL 65F11771
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, F8, 9C, 41, 60, E9, 81, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 68, A2, 41, 60, E9, E1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, 48, 71, 40, 60, E9, B1, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, B8, 5C, 41, 60, E9, 01, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 88, 16, 41, 60, E9, ED, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 90, 6B, 42, 60, E9, 71, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 68, CD, 41, 60, E9, 12, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, F8, C7, 41, 60, E9, 74, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, D8, 94, 40, 60, E9, 53, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 50, 3A, 40, 60, E9, 8F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 50, 81, 42, 60, E9, BF, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 98, E2, 40, 60, E9, 2D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, E0, 7B, 42, 60, E9, F8, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, E0, 34, 40, 60, E9, 28, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, C8, EB, 40, 60, E9, 1F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, F0, BF, 41, 60, E9, 59, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, D8, D2, 41, 60, E9, 9F, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 40, CC, 40, 60, E9, 76, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 70, 76, 42, 60, E9, 6C, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, C0, 3F, 40, 60, E9, 4C, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, C0, 86, 42, 60, E9, 10, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 28, A5, 40, 60, E9, 57, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes CALL 65E5EB32
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, B8, 9F, 40, 60, E9, BD, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 08, 42, 41, 60, E9, 29, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 78, 47, 41, 60, E9, DA, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 28, 37, 41, 60, E9, 73, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 98, 3C, 41, 60, E9, 50, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 08, B0, 40, 60, E9, 9B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, D8, 26, 41, 60, E9, A0, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, B8, 31, 41, 60, E9, CB, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 68, 21, 41, 60, E9, 3B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 68, 8F, 40, 60, E9, 57, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 48, 2C, 41, 60, E9, 26, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 98, AA, 40, 60, E9, 69, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, F8, 89, 40, 60, E9, 55, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, D8, BC, 40, 60, E9, A3, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 68, F6, 40, 60, E9, 6B, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 30, 6A, 41, 60, E9, 89, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, A8, 77, 41, 60, E9, 89, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, A0, 6F, 41, 60, E9, 30, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 88, 82, 41, 60, E9, 25, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 18, 7D, 41, 60, E9, 8D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, D8, FB, 40, 60, E9, 7D, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 48, 01, 41, 60, E9, E5, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 48, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\QuickTime\qttask.exe[5684] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, F8, C5, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 68, B5, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 18, 65, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 18, 69, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 38, D7, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, C8, AA, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 38, 5A, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, D8, BA, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes CALL 65F11789
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 58, A5, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, A8, 5F, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 78, 19, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 88, 6E, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 58, D0, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes CALL 65E060C1
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 48, 84, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 88, E5, 40, 60, E9, 2D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D8, 7E, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, B8, EE, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, E0, C2, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, C8, D5, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 30, CF, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 68, 79, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B8, 89, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, D8, 0E, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, F8, 44, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 68, 4A, 41, 60, E9, DA, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 18, 3A, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 88, 3F, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, B8, C1, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 28, C7, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 58, F9, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 20, 6D, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 98, 7A, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 90, 72, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 78, 85, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 08, 80, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C8, FE, 40, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 38, 04, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, C8, 29, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, A8, 34, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 58, 24, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 38, 2F, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\wuauclt.exe[8488] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 48, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes CALL 660F7FC4
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, F0, B4, B0, 7E, E9, 91, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, A0, 64, B0, 7E, E9, 01, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 10, 64, B1, 7E, E9, 11, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, C0, D6, AF, 7E, E9, 11, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 50, AA, B0, 7E, E9, 61, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, C0, 59, B0, 7E, E9, E1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 60, BA, B0, 7E, E9, B1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 70, 9F, B0, 7E, E9, 81, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, E0, A4, B0, 7E, E9, E1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, C0, 6C, AF, 7E, E9, B1, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 30, 5F, B0, 7E, E9, 01, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 00, 19, B0, 7E, E9, ED, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 80, 69, B1, 7E, E9, 71, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, D8, C7, B0, 7E, E9, 12, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 68, C2, B0, 7E, E9, 74, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 50, 90, AF, 7E, E9, 53, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C8, 35, AF, 7E, E9, 8F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 40, 7F, B1, 7E, E9, BF, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 10, E5, AF, 7E, E9, 2D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D0, 79, B1, 7E, E9, F8, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 58, 30, AF, 7E, E9, 28, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 40, EE, AF, 7E, E9, 1F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 48, CD, B0, 7E, E9, 9F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, B8, CE, AF, 7E, E9, 76, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 00ACC56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 60, 74, B1, 7E, E9, 6C, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 38, 3B, AF, 7E, E9, 4C, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B0, 84, B1, 7E, E9, 10, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, A0, A0, AF, 7E, E9, 57, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 60, 0E, B0, 7E, E9, 44, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 30, 9B, AF, 7E, E9, BD, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 80, 44, B0, 7E, E9, 29, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, F0, 49, B0, 7E, E9, DA, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, A0, 39, B0, 7E, E9, 73, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 10, 3F, B0, 7E, E9, 50, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, E0, F8, AF, 7E, E9, 6B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, A8, 6C, B0, 7E, E9, 89, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 20, 7A, B0, 7E, E9, 89, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 18, 72, B0, 7E, E9, 30, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 00, 85, B0, 7E, E9, 25, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 90, 7F, B0, 7E, E9, 8D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 50, FE, AF, 7E, E9, 7D, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, C0, 03, B0, 7E, E9, E5, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 80, AB, AF, 7E, E9, 9B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 50, 29, B0, 7E, E9, A0, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 30, 34, B0, 7E, E9, CB, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, E0, 23, B0, 7E, E9, 3B, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, E0, 8A, AF, 7E, E9, 57, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, C0, 2E, B0, 7E, E9, 26, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 10, A6, AF, 7E, E9, 69, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 70, 85, AF, 7E, E9, 55, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, D0, BB, AF, 7E, E9, A3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 40, C1, AF, 7E, E9, AD, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, B0, C6, AF, 7E, E9, 74, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, F0, B0, AF, 7E, E9, F3, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!connect 71AB4A07 10 Bytes CALL 5B29FAF5
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!send 71AB4C27 10 Bytes [ 68, E0, E1, B0, 7E, E9, 3F, ... ]
.text C:\WINDOWS\system32\SearchIndexer.exe[8964] WS2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 60, B6, AF, 7E, E9, 11, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, D0, 48, 42, 60, E9, 11, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 80, 8A, 41, 60, E9, 61, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, B0, 42, 41, 60, E9, E1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 90, 9A, 41, 60, E9, B1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, A0, 7F, 41, 60, E9, 81, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 10, 85, 41, 60, E9, E1, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, F0, 08, 41, 60, E9, ED, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 18, B0, 41, 60, E9, 12, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, A8, AA, 41, 60, E9, 74, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, C0, 91, 40, 60, E9, 53, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, B8, 3A, 40, 60, E9, 8F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 00, 64, 42, 60, E9, BF, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 40, DA, 40, 60, E9, 2D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 48, 35, 40, 60, E9, 28, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 70, E3, 40, 60, E9, 1F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, A0, A2, 41, 60, E9, 59, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 88, B5, 41, 60, E9, 9F, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 20, 59, 42, 60, E9, 6C, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 70, 69, 42, 60, E9, 10, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 10, A2, 40, 60, E9, 57, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 50, FE, 40, 60, E9, 44, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, A0, 9C, 40, 60, E9, BD, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, 70, 2D, 41, 60, E9, 29, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, E0, 32, 41, 60, E9, DA, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 90, 22, 41, 60, E9, 73, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 00, 28, 41, 60, E9, 50, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PostMessageW 7E418CCB 10 Bytes [ 68, 30, AB, 40, 60, E9, 9B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!GetMessageW 7E4191C6 10 Bytes [ 68, 80, 17, 41, 60, E9, A0, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PeekMessageW 7E41929B 10 Bytes [ 68, E0, 1E, 41, 60, E9, CB, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!GetMessageA 7E42772B 10 Bytes [ 68, D0, 13, 41, 60, E9, 3B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 10, 8E, 40, 60, E9, 57, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PeekMessageA 7E42A340 10 Bytes [ 68, 30, 1B, 41, 60, E9, 26, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!PostMessageA 7E42AAFD 10 Bytes [ 68, 80, A7, 40, 60, E9, 69, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!SetWindowsHookExA 7E431211 10 Bytes [ 68, 60, 8A, 40, 60, E9, 55, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] USER32.DLL!DdeConnect 7E4581C3 10 Bytes [ 68, 40, B6, 40, 60, E9, A3, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 10, EE, 40, 60, E9, 6B, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 98, 55, 41, 60, E9, 89, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 90, 5F, 41, 60, E9, 89, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 48, 59, 41, 60, E9, 30, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, F0, 66, 41, 60, E9, 25, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 40, 63, 41, 60, E9, 8D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C0, F1, 40, 60, E9, 7D, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 70, F5, 40, 60, E9, E5, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, F0, B9, 40, 60, E9, AD, ... ]
.text C:\Documents and Settings\Administrator.DANNY2\Desktop\gmer.exe[10496] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, A0, BD, 40, 60, E9, 74, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, E0, 2E, 40, 60, E9, D1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 68, B5, 41, 60, E9, 91, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, 18, 65, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 18, 69, 42, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, 38, D7, 40, 60, E9, 11, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, C8, AA, 41, 60, E9, 61, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, 38, 5A, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, D8, BA, 41, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes CALL 65F11789
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 58, A5, 41, 60, E9, E1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, B8, 70, 40, 60, E9, B1, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, A8, 5F, 41, 60, E9, 01, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 78, 19, 41, 60, E9, ED, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 88, 6E, 42, 60, E9, 71, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 58, D0, 41, 60, E9, 12, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes CALL 65E060C1
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 48, 94, 40, 60, E9, 53, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, C0, 39, 40, 60, E9, 8F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 48, 84, 42, 60, E9, BF, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 88, E5, 40, 60, E9, 2D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, D8, 7E, 42, 60, E9, F8, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 50, 34, 40, 60, E9, 28, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, B8, EE, 40, 60, E9, 1F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, E0, C2, 41, 60, E9, 59, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, C8, D5, 41, 60, E9, 9F, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, 30, CF, 40, 60, E9, 76, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 68, 79, 42, 60, E9, 6C, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 30, 3F, 40, 60, E9, 4C, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, B8, 89, 42, 60, E9, 10, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 98, A4, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, D8, 0E, 41, 60, E9, 44, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 28, 9F, 40, 60, E9, BD, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, F8, 44, 41, 60, E9, 29, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 68, 4A, 41, 60, E9, DA, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, 18, 3A, 41, 60, E9, 73, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 88, 3F, 41, 60, E9, 50, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 58, F9, 40, 60, E9, 6B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, 20, 6D, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 98, 7A, 41, 60, E9, 89, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 90, 72, 41, 60, E9, 30, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 78, 85, 41, 60, E9, 25, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, 08, 80, 41, 60, E9, 8D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, C8, FE, 40, 60, E9, 7D, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, 38, 04, 41, 60, E9, E5, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 78, AF, 40, 60, E9, 9B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, C8, 29, 41, 60, E9, A0, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, A8, 34, 41, 60, E9, CB, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 58, 24, 41, 60, E9, 3B, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, D8, 8E, 40, 60, E9, 57, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 38, 2F, 41, 60, E9, 26, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 08, AA, 40, 60, E9, 69, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 68, 89, 40, 60, E9, 55, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 48, BC, 40, 60, E9, A3, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, B8, C1, 40, 60, E9, AD, ... ]
.text C:\WINDOWS\system32\notepad.exe[10732] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, 28, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 88, 2F, 40, 60, E9, D1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 10, B6, 41, 60, E9, 91, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, C0, 65, 41, 60, E9, 01, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, 38, 6D, 42, 60, E9, 11, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtLoadDriver + 5 7C90D455 10 Bytes [ 68, E0, D7, 40, 60, E9, 11, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 70, AB, 41, 60, E9, 61, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenFile + 5 7C90D585 10 Bytes [ 68, E0, 5A, 41, 60, E9, E1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, 80, BB, 41, 60, E9, B1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, 90, A0, 41, 60, E9, 81, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtQueueApcThread + 5 7C90D985 1 Byte [ 68 ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtQueueApcThread + 7 7C90D987 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtSetValueKey + 5 7C90DDB5 10 Bytes [ 68, 60, 71, 40, 60, E9, B1, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 50, 60, 41, 60, E9, 01, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 20, 1A, 41, 60, E9, ED, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, A8, 72, 42, 60, E9, 71, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 00, D1, 41, 60, E9, 12, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, 90, CB, 41, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, F0, 94, 40, 60, E9, 53, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 68, 3A, 40, 60, E9, 8F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 68, 88, 42, 60, E9, BF, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 30, E6, 40, 60, E9, 2D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, F8, 82, 42, 60, E9, F8, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, F8, 34, 40, 60, E9, 28, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 60, EF, 40, 60, E9, 1F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, 88, C3, 41, 60, E9, 59, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 70, D6, 41, 60, E9, 9F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, D8, CF, 40, 60, E9, 76, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 88, 7D, 42, 60, E9, 6C, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, D8, 3F, 40, 60, E9, 4C, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, D8, 8D, 42, 60, E9, 10, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, 40, A5, 40, 60, E9, 57, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, 80, 0F, 41, 60, E9, 44, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, D0, 9F, 40, 60, E9, BD, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, A0, 45, 41, 60, E9, 29, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 10, 4B, 41, 60, E9, DA, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, C0, 3A, 41, 60, E9, 73, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 30, 40, 41, 60, E9, 50, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 00, FA, 40, 60, E9, 6B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!OpenServiceW 77DE6FDD 10 Bytes [ 68, C8, 6D, 41, 60, E9, 89, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ControlService 77DF49DD 10 Bytes [ 68, 40, 7B, 41, 60, E9, 89, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!OpenServiceA 77DF4C36 10 Bytes [ 68, 38, 73, 41, 60, E9, 30, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 20, 86, 41, 60, E9, 25, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, B0, 80, 41, 60, E9, 8D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!CreateServiceA 77E371E9 10 Bytes [ 68, 70, FF, 40, 60, E9, 7D, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ADVAPI32.dll!CreateServiceW 77E37381 10 Bytes [ 68, E0, 04, 41, 60, E9, E5, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, 20, B0, 40, 60, E9, 9B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 70, 2A, 41, 60, E9, A0, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 50, 35, 41, 60, E9, CB, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 42F0F341 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 00, 25, 41, 60, E9, 3B, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 80, 8F, 40, 60, E9, 57, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, E0, 2F, 41, 60, E9, 26, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, B0, AA, 40, 60, E9, 69, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, 10, 8A, 40, 60, E9, 55, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 430A187F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 430A1800 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 430A1844 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 430A178C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 430A17C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 430A18BA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, F0, BC, 40, 60, E9, A3, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 42F316F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 60, C2, 40, 60, E9, AD, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, D0, C7, 40, 60, E9, 74, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, 90, B5, 40, 60, E9, F3, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!connect 71AB4A07 10 Bytes [ 68, D0, F4, 41, 60, E9, 5F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!send 71AB4C27 10 Bytes [ 68, 88, EE, 41, 60, E9, 3F, ... ]
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[11248] ws2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, 40, B9, 40, 60, E9, 11, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateFile + 5 7C90D095 10 Bytes [ 68, 28, 30, 40, 60, E9, D1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateKey + 5 7C90D0D5 10 Bytes [ 68, 30, B3, 41, 60, E9, 91, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtCreateSection + 5 7C90D165 10 Bytes [ 68, E0, 62, 41, 60, E9, 01, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtDeleteValueKey + 5 7C90D255 10 Bytes [ 68, D8, 66, 42, 60, E9, 11, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtLoadDriver + 5 7C90D455 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtLoadDriver + 7 7C90D457 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtMapViewOfSection + 5 7C90D505 10 Bytes [ 68, 90, A8, 41, 60, E9, 61, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenFile + 5 7C90D585 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenFile + 7 7C90D587 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenKey + 5 7C90D5B5 10 Bytes [ 68, A0, B8, 41, 60, E9, B1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtOpenProcess + 5 7C90D5E5 10 Bytes [ 68, B0, 9D, 41, 60, E9, 81, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtQueueApcThread + 5 7C90D985 10 Bytes [ 68, 20, A3, 41, 60, E9, E1, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtSetValueKey + 5 7C90DDB5 1 Byte [ 68 ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtSetValueKey + 7 7C90DDB7 8 Bytes JMP 6000C56D C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!NtWriteFile + 5 7C90DF65 10 Bytes [ 68, 70, 5D, 41, 60, E9, 01, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!LdrLoadDll + 1 7C9163A4 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ntdll.dll!RtlCreateProcessParameters 7C922E79 10 Bytes [ 68, 40, 17, 41, 60, E9, ED, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!LoadLibraryExW 7C801AF5 10 Bytes [ 68, 48, 6C, 42, 60, E9, 71, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetStartupInfoW 7C801E54 10 Bytes [ 68, 20, CE, 41, 60, E9, 12, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetStartupInfoA 7C801EF2 10 Bytes [ 68, B0, C8, 41, 60, E9, 74, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!WriteProcessMemory 7C802213 10 Bytes [ 68, 90, 95, 40, 60, E9, 53, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CloseHandle 7C809BD7 10 Bytes [ 68, 08, 3B, 40, 60, E9, 8F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!SetEvent 7C80A0A7 10 Bytes [ 68, 08, 82, 42, 60, E9, BF, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateEventW 7C80A739 10 Bytes [ 68, 50, E3, 40, 60, E9, 2D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!FreeLibrary 7C80AC6E 10 Bytes [ 68, 98, 7C, 42, 60, E9, F8, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!GetModuleFileNameA + DF 7C80B63E 10 Bytes [ 68, 98, 35, 40, 60, E9, 28, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateMutexW 7C80E947 10 Bytes [ 68, 80, EC, 40, 60, E9, 1F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!FindFirstFileExW 7C80EB0D 10 Bytes [ 68, A8, C0, 41, 60, E9, 59, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateRemoteThread + 1 7C8104BD 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateThread 7C8106C7 10 Bytes [ 68, 90, D3, 41, 60, E9, 9F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateFileW 7C8107F0 10 Bytes [ 68, F8, CC, 40, 60, E9, 76, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CreateProcessInternalW + 1 7C81979D 9 Bytes JMP 6000C56C C:\Program Files\BitDefender\BitDefender 2009\BitDefender InnerFire\midas32-v1_000\midas32.dll (BitDefender BehavioralScanner Filtering Library/BitDefender S.R.L. Bucharest, ROMANIA)
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ExitProcess 7C81CAFA 10 Bytes [ 68, 28, 77, 42, 60, E9, 6C, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CopyFileExW 7C827B1A 10 Bytes [ 68, 78, 40, 40, 60, E9, 4C, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!PulseEvent 7C82C056 10 Bytes [ 68, 78, 87, 42, 60, E9, 10, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ResumeThread 7C83290F 10 Bytes [ 68, E0, A5, 40, 60, E9, 57, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!CheckRemoteDebuggerPresent 7C85AA22 10 Bytes [ 68, A0, 0C, 41, 60, E9, 44, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!SetThreadContext 7C863AA9 10 Bytes [ 68, 70, A0, 40, 60, E9, BD, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleA 7C872A3D 10 Bytes [ 68, C0, 42, 41, 60, E9, 29, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleW 7C872A8C 10 Bytes [ 68, 30, 48, 41, 60, E9, DA, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleInputA 7C8744F3 10 Bytes [ 68, E0, 37, 41, 60, E9, 73, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] kernel32.dll!ReadConsoleInputW 7C874516 10 Bytes [ 68, 50, 3D, 41, 60, E9, 50, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!RegQueryValueExW + 10C 77DD70FB 10 Bytes [ 68, 20, F7, 40, 60, E9, 6B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!OpenServiceW 77DE6FDD 10 Bytes CALL 613EB14C
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ControlService 77DF49DD 10 Bytes [ 68, 60, 78, 41, 60, E9, 89, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!OpenServiceA 77DF4C36 10 Bytes [ 68, 58, 70, 41, 60, E9, 30, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ChangeServiceConfigA 77E36E41 10 Bytes [ 68, 40, 83, 41, 60, E9, 25, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!ChangeServiceConfigW 77E36FD9 10 Bytes [ 68, D0, 7D, 41, 60, E9, 8D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!CreateServiceA 77E371E9 10 Bytes [ 68, 90, FC, 40, 60, E9, 7D, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ADVAPI32.DLL!CreateServiceW 77E37381 10 Bytes [ 68, 00, 02, 41, 60, E9, E5, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PostMessageW 7E418CCB 10 Bytes [ 68, C0, B0, 40, 60, E9, 9B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!GetMessageW 7E4191C6 10 Bytes [ 68, 90, 27, 41, 60, E9, A0, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PeekMessageW 7E41929B 10 Bytes [ 68, 70, 32, 41, 60, E9, CB, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!GetMessageA 7E42772B 10 Bytes [ 68, 20, 22, 41, 60, E9, 3B, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!SetWindowsHookExW 7E42820F 10 Bytes [ 68, 20, 90, 40, 60, E9, 57, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PeekMessageA 7E42A340 10 Bytes [ 68, 00, 2D, 41, 60, E9, 26, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!PostMessageA 7E42AAFD 10 Bytes [ 68, 50, AB, 40, 60, E9, 69, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!SetWindowsHookExA 7E431211 10 Bytes [ 68, B0, 8A, 40, 60, E9, 55, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] USER32.dll!DdeConnect 7E4581C3 10 Bytes [ 68, 90, BD, 40, 60, E9, A3, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ole32.dll!CoTaskMemAlloc + 59 774FD0B9 10 Bytes [ 68, 00, C3, 40, 60, E9, AD, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ole32.dll!CLSIDFromProgID 775187F2 10 Bytes [ 68, B0, C6, 40, 60, E9, 74, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!WEP + FFFEF156 71AB1273 10 Bytes [ 68, 30, B6, 40, 60, E9, F3, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!connect 71AB4A07 10 Bytes [ 68, 70, EE, 41, 60, E9, 5F, ... ]
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!send 71AB4C27 10 Bytes CALL B194AC6D
.text C:\DOCUME~1\ADMINI~1.DAN\LOCALS~1\Temp\h11y7c.exe[11724] ws2_32.dll!WSAStartup 71AB6A55 10 Bytes [ 68, E0, B9, 40, 60, E9, 11, ... ]
---- User IAT/EAT - GMER 1.0.14 ----
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\advapi32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\sdhelp.exe[672] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [0042AA50] C:\Program Files\Spyware Doctor\sdhelp.exe (PC Tools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
IAT C:\Program Files\Spyware Doctor\swdoctor.exe[2952] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!CreateThread] [00424F7C] C:\Program Files\Spyware Doctor\swdoctor.exe (Spyware Doctor/PCTools)
---- Devices - GMER 1.0.14 ----
AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
---- Threads - GMER 1.0.14 ----
Thread 4:3560 B31E7AB0
Thread 4:4524 B32FDAB0
---- EOF - GMER 1.0.14 ----
And my attache.txt file is attached.
Thank you again.
Danny