Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HIJACK THIS - THRILLASTILLA


Re: HIJACK THIS - THRILLASTILLA

by 'KotaGuy » February 6th, 2008, 9:52 am

Was there any error message returned when you tried the command? If the rootkit driver is still active you won't be able to see the file as it is hidden from the Windows API.

Download F-Secure Blacklight (fsbl.exe) to the desktop from here.

Open it and click Accept Agreement.
Click Scan.
After the scan is complete, click Next, then Exit.
It will create a log on the desktop named fsbl-xxxxxxx.log (the xxxxxxx will be the date and time of the scan)
Save the log to your desktop.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: HIJACK THIS - THRILLASTILLA

by thrillastilla » February 7th, 2008, 5:32 am

It said no hidden files were found, but I'll just post the log, thanx...
thrillastilla
Active Member
 
Posts: 14
Joined: January 21st, 2008, 2:04 pm

Re: HIJACK THIS - THRILLASTILLA

by 'KotaGuy » February 7th, 2008, 10:08 am

OK... perhaps the Rootkit driver isn't there... I would like you to do one more scan just to be sure though.

Please download gmer.zip from Gmer and save it to your desktop.

  1. Right click on gmer.zip and select Extract All....
  2. Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  3. Click on the Browse button. Click on Desktop. Then click OK.
  4. Click Next. It will start extracting.
  5. Once done, check (tick) the Show extracted files box and click Finish.
  6. Double click on gmer.exe to run it.
  7. Select the Rootkit tab.
  8. On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  9. Select all drives that are connected to your system to be scanned.
  10. Click on the Scan button.
  11. When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  12. Open Notepad or a similar text editor.
  13. Paste the clipboard contents into the text editor.
  14. Save the Gmer scan log and post it in your next reply.
  15. Close Gmer.
  16. Open Command Prompt by going to Start > Run and type in cmd. Press Enter.
  17. In Command Prompt, type in net stop gmer. Press Enter.
  18. Type in exit to close Command Prompt.

Note: Do not run any programs while Gmer is running.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
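
The Gmer scan requested above produces a long log. As an added example (not part of the original thread and not Gmer's own code), this Python script parses such a log and reduces it to what a reviewer checks first: SSDT hooks with no owning driver, driver files that are missing on disk, and user-mode patches grouped by process and by shared JMP destination. It assumes the line layout Gmer 1.0.14 writes for SSDT, `?` and `.text` entries; the sample log is constructed and its driver names, PIDs and addresses are invented.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of a Gmer 1.0.14 rootkit-scan log.
# Driver names, paths, PIDs and addresses below are invented for illustration.
SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT \SystemRoot\system32\drivers\exampleav.sys (Example AV Filter/Example Corp.) ZwCreateKey [0xBA000806]
SSDT exampleav.sys (Example AV Filter/Example Corp.) ZwOpenKey [0xBA0006EE]
SSDT 8A000010 ZwCreateThread
SSDT 8A000020 ZwSuspendThread

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\Drivers\exampleinj.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[1200] ntdll.dll!NtClose 7C900586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\services.exe[1200] ntdll.dll!NtClose + 4 7C90058A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\services.exe[1200] kernel32.dll!LoadLibraryA 7C800D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\Example AV\exsvc.exe[1340] KERNEL32.dll!LoadLibraryA 7C800D77 6 Bytes JMP 5F450F5A
"""

# "SSDT <driver> (<description>) <ZwFunc> [0xADDR]"  or  "SSDT <ADDR> <ZwFunc>"
SSDT_RE = re.compile(
    r"^SSDT\s+(?:(?P<addr>[0-9A-Fa-f]{8})|(?P<module>.+?)\s+\((?P<vendor>.*?)\))"
    r"\s+(?P<func>Zw\w+)(?:\s+\[(?P<target>0x[0-9A-Fa-f]+)\])?\s*$"
)
# "? <driver path> The system cannot find the file specified. !"
MISSING_RE = re.compile(
    r"^\?\s+(?P<path>.+?)\s+The system cannot find the file specified\."
)
# ".text <image>[pid] <dll>!<func> [+ off] <VA> <n> Byte(s) <patch>"
USER_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<dll>[\w.]+)!(?P<func>\w+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+(?P<va>[0-9A-Fa-f]{8})"
    r"\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+?)\s*$"
)
JMP_RE = re.compile(r"JMP\s+([0-9A-Fa-f]{8})")


def parse_gmer(text):
    """Split a Gmer log into SSDT hooks, missing driver files and user-mode patches."""
    parsed = {"ssdt": [], "missing": [], "user": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SSDT_RE.match(line)
        if m:
            parsed["ssdt"].append(m.groupdict())
            continue
        m = MISSING_RE.match(line)
        if m:
            parsed["missing"].append(m.group("path"))
            continue
        m = USER_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            jmp = JMP_RE.search(rec["patch"])
            rec["jmp_target"] = jmp.group(1).upper() if jmp else None
            parsed["user"].append(rec)
    return parsed


def triage(parsed):
    """Reduce the parsed log to the items a reviewer looks at first."""
    # SSDT entries that carry only an address: the log names no owning driver,
    # so the hook cannot be tied to a file on disk from the log alone.
    unattributed = sorted(e["func"] for e in parsed["ssdt"] if e["addr"])
    # Drivers named in SSDT entries, to compare against installed software.
    drivers = sorted({e["module"].split("\\")[-1].lower()
                      for e in parsed["ssdt"] if e["module"]})
    per_process = defaultdict(set)   # distinct patched APIs per (image, pid)
    shared = defaultdict(set)        # processes sharing one JMP target per API
    for rec in parsed["user"]:
        proc = (rec["image"].split("\\")[-1].lower(), rec["pid"])
        api = f'{rec["dll"].lower()}!{rec["func"]}'
        per_process[proc].add(api)   # "+ N" continuation lines collapse here
        if rec["jmp_target"]:
            shared[(api, rec["jmp_target"])].add(proc)
    return {
        "unattributed_ssdt": unattributed,
        "ssdt_drivers": drivers,
        "missing_driver_files": parsed["missing"],
        "apis_per_process": {p: sorted(a) for p, a in per_process.items()},
        "shared_jmp_targets": {k: sorted(v) for k, v in shared.items() if len(v) > 1},
    }


if __name__ == "__main__":
    for key, value in triage(parse_gmer(SAMPLE_LOG)).items():
        print(key, "=", value)
```

The same patch bytes or JMP destination appearing in many processes points to a single hooking component loaded system-wide; which product or sample owns it still has to be established from the named drivers and installed software.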

Re: HIJACK THIS - THRILLASTILLA

by thrillastilla » February 7th, 2008, 11:45 am

Ok, here's the log I copied from gmer scan.. However, upon closing gmer and going to cmd and typing "net stop gmer", the following message showed after I pressed enter:
System error 1060 has occurred.

The specified service does not exist as an installed service.
thrillastilla
Active Member
 
Posts: 14
Joined: January 21st, 2008, 2:04 pm

Re: HIJACK THIS - THRILLASTILLA

by thrillastilla » February 7th, 2008, 11:52 am

Here's the log...



.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 6F, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 5A, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F620F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F5C0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F5F0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F530F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F710F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F650F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F680F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F6B0F5A
.text C:\Documents and Settings\Stills\Desktop\gmer.exe[1064] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\svchost.exe[1168] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\svchost.exe[1168] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\svchost.exe[1168] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[1248] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\svchost.exe[1288] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\svchost.exe[1288] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\$sys$filesystem\$sys$DRMServer.exe[1344] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\MsPMSPSv.exe[1740] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\svchost.exe[1816] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\svchost.exe[1816] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\svchost.exe[1816] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\LEXBCES.EXE[1996] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\LEXPPS.EXE[2032] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\system32\spoolsv.exe[2040] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\WINDOWS\System32\alg.exe[2384] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\WINDOWS\System32\alg.exe[2384] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\WINDOWS\System32\alg.exe[2384] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\WINDOWS\System32\alg.exe[2384] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile + 2 7C90D684 1 Byte [ 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [ 17, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [ 05, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [ 23, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [ 0B, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [ 11, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtLoadDriver 7C90DB6E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtLoadDriver + 4 7C90DB72 2 Bytes [ 7B, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [ 14, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [ 20, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [ 0E, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSuspendProcess 7C90E83A 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtSuspendProcess + 4 7C90E83E 2 Bytes [ 66, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [ 26, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [ 1A, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [ 1D, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [ 29, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryA 7C801D77 6 Bytes JMP 5F450F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!TerminateProcess 7C801E16 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!WriteProcessMemory 7C80220F 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateProcessW 7C802332 6 Bytes JMP 5F500F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateProcessA 7C802367 6 Bytes JMP 5F4D0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!GetProcAddress 7C80ADA0 6 Bytes JMP 5F420F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!LoadLibraryW 7C80AE4B 6 Bytes JMP 5F480F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateRemoteThread 7C81042C 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!CreateRemoteThread + 4 7C810430 2 Bytes [ 36, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!ExitProcess 7C81CDDA 6 Bytes JMP 5F6E0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!TerminateThread 7C81CE03 6 Bytes JMP 5F680F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!DebugActiveProcess 7C85A123 6 Bytes JMP 5F6B0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] kernel32.dll!WinExec 7C86136D 6 Bytes JMP 5F5F0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!GetKeyState 7E41C505 6 Bytes JMP 5F710F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!GetAsyncKeyState 7E41F3B3 6 Bytes JMP 5F740F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!DdeConnect 7E457F93 6 Bytes JMP 5F770F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] USER32.dll!EndTask 7E459E75 6 Bytes JMP 5F620F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ADVAPI32.dll!LsaRemoveAccountRights 77E1AA41 6 Bytes JMP 5F390F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ADVAPI32.dll!CreateServiceA 77E37071 6 Bytes JMP 5F7D0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteExW 7CA017DB 6 Bytes JMP 5F5C0F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteEx 7CA40BB5 6 Bytes JMP 5F590F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteA 7CA40EE0 6 Bytes JMP 5F530F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 84358120
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 843580A8

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 843DC2DC

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \FileSystem\Ntfs \Ntfs SSFS0BB9.SYS (Spy Sweeper FileSystem Filter Driver/Webroot Software Inc (http://www.webroot.com))

Device \FileSystem\Fastfat \FatCdrom 83CEC8FC
Device \Driver\Tcpip \Device\Ip 83D0EE90
Device \Driver\Tcpip \Device\Ip 83CF3B70
Device \Driver\Tcpip \Device\Ip 84157FA8
Device \Driver\Tcpip \Device\Ip 83F94D50

AttachedDevice \Driver\Tcpip \Device\Ip pctfw2.sys (PC Tools TDI Driver/PC Tools)

Device \Driver\Tcpip \Device\Tcp 83D0EE90
Device \Driver\Tcpip \Device\Tcp 83CF3B70
Device \Driver\Tcpip \Device\Tcp 84157FA8
Device \Driver\Tcpip \Device\Tcp 83F94D50

AttachedDevice \Driver\Tcpip \Device\Tcp pctfw2.sys (PC Tools TDI Driver/PC Tools)

---- Modules - GMER 1.0.14 ----

Module _________ BA7D6000-BA7EE000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201ec\x2020}{}\x201au\x20ac D
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201eZ}\x2020\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FM
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201e`u\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FM
Reg HKLM\SOFTWARE\Classes\cil8tsfile\Shell\Open\0@yŒ\x201efy\x81u}\x201a}\x201a{ D
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201ec\x2020}{}\x201au\x20ac K
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201eZ}\x2020\x2021\x2c6Xu\x2c6y FDDH4I4M4I4GE4FF
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201e`u\x2021\x2c6Xu\x2c6y FDDH4I4ED4EF4HM4FM
Reg HKLM\SOFTWARE\Classes\sabxfhfile\Shell\Open\0@yŒ\x201efy\x81u}\x201a}\x201a{ J

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit detected !!! <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

---- EOF - GMER 1.0.14 ----
thrillastilla
Active Member
 
Posts: 14
Joined: January 21st, 2008, 2:04 pm

Re: HIJACK THIS - THRILLASTILLA

Unread postby 'KotaGuy » February 8th, 2008, 10:21 am

Hmmm.... I don't like seeing this...

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit detected !!! <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

---- EOF - GMER 1.0.14 ----


Looks like the Stealth MBR RootKit.

Do you have your original XP Install disc handy?
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: HIJACK THIS - THRILLASTILLA

Unread postby thrillastilla » February 8th, 2008, 10:21 pm

Yes I do.. what exactly is that by the way?

Also, this malware removal program, it's actually freeware????
thrillastilla
Active Member
 
Posts: 14
Joined: January 21st, 2008, 2:04 pm

Re: HIJACK THIS - THRILLASTILLA

Unread postby 'KotaGuy » February 11th, 2008, 9:57 am

Print these instructions out for reference, as for part of it you won't be able to access the 'net.

what exactly is that by the way?


The RootKit? It's an infection that attacks/modifies the Master Boot Record of the Hard Drive. gmer has a good writeup on what it is here:

http://www2.gmer.net/mbr/

Also... if you Google Stealth MBR Rootkit you'll find more info on it.

Also, this malware removal program, it's actually freeware????


Yes... pretty much all of what I have people use to clean their systems is free :)

OK... to install the Recovery Console, follow these steps:

    1. Insert the Windows XP CD into the CD-ROM drive.
    2. Click Start, and then click Run.
    3. In the Open box, type d:\i386\winnt32.exe /cmdcons (where d is the drive letter for your CD-ROM drive.)
    4. A Windows Setup Dialog Box appears. The Windows Setup Dialog Box describes the Recovery Console option. To confirm the installation, click Yes.
    5. Restart the computer. The next time that you start your computer, "Microsoft Windows Recovery Console" appears on the startup menu.

So choose the Recovery Console. The Recovery Console takes several seconds to start. When the Recovery Console menu appears, a numbered list of the Windows installations on the computer appears. (Generally, only c:\Windows exists.) Press a number before you press ENTER, even when only one entry appears. If you press ENTER without selecting a number, the computer restarts and begins the process again.

When you see the prompt for %SystemRoot% (generally C:\Windows), you can start using the available commands for the Recovery Console.

At the command prompt type in fixmbr and hit Enter.

Once the command has completed reboot the computer back into Windows.

Post a new gmer log along with a new HijackThis log please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
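
Added example (not part of the original thread and not gmer's own code): a small Python parser for the GMER log layout quoted above, which pulls out the "Disk sectors" findings and counts patched user-mode code locations per process, so a log taken before fixmbr can be compared with the one requested afterwards. The line formats are inferred from the log lines in this thread, the function names are hypothetical, and both sample logs are constructed (AFTER is invented to exercise the comparison, not a result from this case).

```python
import re
from collections import Counter

# Formats inferred from the GMER 1.0.14 lines quoted in this thread (assumption).
HEADER = re.compile(r"^---- (.+?) - GMER ([\d.]+) ----$")
DISK = re.compile(r"^Disk\s+(\S+)\s+sector\s+(\w+):\s+(.*)$")
HOOK = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+(?P<module>[^\s!]+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<offset>\w+))?\s+(?P<addr>[0-9A-F]{8})\s+(?P<count>\d+)"
    r"\s+Bytes?\s+(?P<patch>.*)$"
)

# Constructed sample: a handful of lines taken from the log in this thread.
BEFORE = r"""
.text C:\WINDOWS\System32\alg.exe[2384] SHELL32.dll!ShellExecuteW 7CAB4F10 6 Bytes JMP 5F560F5A
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose 7C90D586 3 Bytes [ FF, 25, 1E ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [ 2C, 5F ]
.text C:\Program Files\Sony\Sound Forge 7.0\forge70.exe[3880] ntdll.dll!NtCreateFile 7C90D682 1 Byte [ FF ]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 843DC2DC

---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 00: MBR rootkit detected !!! <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 02: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 08: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

---- EOF - GMER 1.0.14 ----
"""

# Constructed, hypothetical follow-up log: sector 00 no longer flagged, 62/63 still are.
AFTER = r"""
---- Disk sectors - GMER 1.0.14 ----

Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior
Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior

---- EOF - GMER 1.0.14 ----
"""

def split_sections(log):
    """Map section name -> lines; lines before the first header go under ''."""
    sections, name = {"": []}, ""
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            name = m.group(1)
            sections.setdefault(name, [])
        else:
            sections[name].append(line)
    return sections

def disk_findings(log):
    """Parse 'Disk <device> sector NN: <message>' lines of the Disk sectors section."""
    out = []
    for line in split_sections(log).get("Disk sectors", []):
        m = DISK.match(line)
        if m:
            device, sector, message = m.groups()
            out.append({"device": device, "sector": sector, "message": message,
                        "mbr": "MBR rootkit detected" in message})
    return out

def hooks_by_process(log):
    """Count patched user-mode code locations ('.text' lines) per (image, pid)."""
    counts = Counter()
    for lines in split_sections(log).values():
        for line in lines:
            m = HOOK.match(line)
            if m:
                counts[(m["image"], int(m["pid"]))] += 1
    return counts

def compare_disk(before, after):
    """Return (cleared, remaining) Disk findings keyed by (device, sector)."""
    b = {(f["device"], f["sector"]) for f in disk_findings(before)}
    a = {(f["device"], f["sector"]) for f in disk_findings(after)}
    return sorted(b - a), sorted(b & a)

if __name__ == "__main__":
    for f in disk_findings(BEFORE):
        print(("MBR  " if f["mbr"] else "warn ") + f["sector"], f["message"])
    print(compare_disk(BEFORE, AFTER))
```

Any finding still listed under "remaining" after the repair means the follow-up log needs another look rather than being treated as clean.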

Re: HIJACK THIS - THRILLASTILLA

Unread postby 'KotaGuy » February 20th, 2008, 1:13 pm

This topic is now closed due to inactivity. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada