Malware taken over! Need help! (resolved)



sda272
2009-06-26, 08:11
Every time I try to perform a Google search and click on a results link, it takes me to some unrelated website. Based upon what I have read, it appears I have malware on my computer. So, I tried to install Spybot, but I keep being told that safer-networking.org is a broken link and therefore, it won't install. I have attached my HJT log below. Please advise what my next steps should be. Thanks!



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:48 AM, on 6/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Tara Brooks\Local Settings\Temporary Internet Files\Content.IE5\3OPBGE7R\HiJackThis[1].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Picture Package Menu.lnk = ?
O4 - Global Startup: Picture Package VCD Maker.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F5305E-7BEC-460B-AF37-A5AF25D60986}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1C71993-9DEF-4CB5-B10E-69F50E30FDA7}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12182 bytes
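
The O17 lines in the log above report the DNS servers written into the TCP/IP registry keys, and a browser that lands on unrelated sites after a search is one symptom worth checking against those entries; the O4 lines are autorun entries and the O2/O3 lines are browser add-ons. As an added example, not part of this thread and not code from HijackThis or Safer Networking, here is a small Python checker that reads HJT-style log lines and flags O17 NameServer entries outside an expected range, O4 autorun entries whose target lives under a temporary directory, and O2/O3 add-ons whose file is missing. The expected DNS range (192.0.2.0/24, an RFC 5737 documentation range standing in for the ISP's resolvers), the sample lines (most copied from the log above, plus one constructed O4 entry under a Temp folder) and all function names are assumptions for the example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Resolver ranges this machine is expected to use. Placeholder (RFC 5737
# documentation range); a real check would list the ISP's or enterprise resolvers.
EXPECTED_DNS = [ipaddress.ip_network("192.0.2.0/24")]

# Path fragments (lower-cased) that mark a temporary directory on Windows XP.
TEMP_MARKERS = ("\\temp\\", "\\temporary internet files\\", "\\locals~1\\temp")

O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>[\d., ]+)$")
O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O2O3_RE = re.compile(r"^O[23] - .*\(no file\)\s*$")


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O17"
    line: str      # the log line that triggered the finding
    reason: str    # why it was flagged


def check_dns(servers: str) -> list[str]:
    """Return the NameServer addresses that fall outside EXPECTED_DNS."""
    bad = []
    for s in re.split(r"[,\s]+", servers.strip()):
        if not s:
            continue
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            bad.append(s)          # not even a valid address: flag it
            continue
        if not any(addr in net for net in EXPECTED_DNS):
            bad.append(s)
    return bad


def analyze(log_text: str) -> list[Finding]:
    """Walk the log line by line and collect findings for the three checks."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            bad = check_dns(m.group("servers"))
            if bad:
                findings.append(Finding("O17", line,
                                        "DNS servers outside expected ranges: " + ", ".join(bad)))
            continue
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").lower()
            if any(marker in cmd for marker in TEMP_MARKERS):
                findings.append(Finding("O4", line, "autorun target lives in a temporary directory"))
            continue
        if O2O3_RE.match(line):
            findings.append(Finding(line[:2], line, "browser add-on registered but its file is missing"))
    return findings


# Constructed sample: lines from the log above plus one made-up O4 entry under Temp.
SAMPLE_LOG = "\n".join([
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/",
    r"O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll",
    r"O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)",
    r"O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe",
    r"O4 - HKCU\..\Run: [updater] C:\DOCUME~1\USER~1\LOCALS~1\Temp\updater.exe",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66",
    r"O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.0.2.53",
])

if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints three findings for the sample: the nameless toolbar with no file, the autorun entry under Temp, and the O17 line whose two resolvers are outside the expected range; the second O17 line, whose resolver is inside the range, is silent. The point of the allowlist design is that a resolver check is only meaningful against what the machine should be using, so the first thing to fill in on a real system is EXPECTED_DNS.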

katana
2009-06-27, 18:04
Please note that all instructions given are customised for this computer only,
the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the HJT forum and wait for help.

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:
Please Read All Instructions Carefully
If you don't understand something, stop and ask! Don't keep going on.
Please do not run any other tools or scans whilst I am helping you
Failure to reply within 5 days will result in the topic being closed.
Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those few things, everything should go smoothly

Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
----------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Download and Run RSIT

Please download Random's System Information Tool by random/random from here (http://images.malwareremoval.com/random/RSIT.exe) and save it to your desktop.
Double click on RSIT.exe to run RSIT.
Click Continue at the disclaimer screen.
Once it has finished, two logs will open:

log.txt will be opened maximized.
info.txt will be opened minimized.

Please post the contents of both log.txt and info.txt.


Please Download GMER to your desktop

Download GMER (http://www.gmer.net/gmer.zip) and extract it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click Yes.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

MalwareBytes Log
RSIT Logs
GMER log
How are things running now ?

sda272
2009-06-27, 20:03
When I try to download Malwarebytes by clicking your link, I get redirected to a page that says "Oops! This link appears broken." I also tried to type the website (found on Google) directly into my address line and it returns the same result. I stopped here because I didn't know if I should go to the next step before downloading Malwarebytes. Please advise what I should do now. Thanks!

katana
2009-06-27, 20:12
Try this link MBAM (http://download.cnet.com/3001-8022_4-10804572.html?spi=c35487da21eb2ce9360fede094e62e26&part=dl-10804572)

sda272
2009-06-28, 03:26
The link worked and I ran mbam.exe. However, when I got to the end and checked the two boxes and clicked finish, nothing happened. I can't get it to run on 2nd and 3rd attempts. Now what?

katana
2009-06-28, 13:50
Please post the RSIT and GMER logs

sda272
2009-06-29, 00:22
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tara Brooks at 2009-06-28 18:18:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 6 GB (15%) free of 38 GB
Total RAM: 511 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:19:03 PM, on 6/28/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\setup2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tara Brooks\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Tara Brooks.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [bascstray] BascsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [WinBlueSoft] C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [setup2.exe] C:\WINDOWS\system32\setup2.exe
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{78F5305E-7BEC-460B-AF37-A5AF25D60986}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\..\{E1C71993-9DEF-4CB5-B10E-69F50E30FDA7}: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.68,85.255.112.66
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 12137 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job
C:\WINDOWS\tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014DA6C1-189F-421a-88CD-07CFE51CFF10}]
My Search BHO - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL [2005-02-17 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-26 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-26 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2008-11-26 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{014DA6C9-189F-421a-88CD-07CFE51CFF10}
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"bascstray"=BascsTray.exe []
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2006-10-30 131072]
"iRiver AutoDB"=C:\Program Files\iRiver\Service\MLService.exe [2004-09-10 1040384]
"iRiver Updater"=C:\Program Files\iRiver\Service\Updater.exe [2004-09-07 212992]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-26 136600]
"ISTray"=C:\Program Files\Spyware Doctor\pctsTray.exe [2008-12-08 1173384]
"WinBlueSoft"=C:\Program Files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe -min []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2005-06-07 1339392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Aim6"= []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"RegistryMechanic"=C:\Program Files\Registry Mechanic\RegMech.exe [2008-07-08 2828184]
"setup2.exe"=C:\WINDOWS\system32\setup2.exe [2009-06-28 830976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"=C:\Program Files\Support.com\providerComcast\desktopdoctor.exe [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-30 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-12-14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2004-01-12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-12-28 14:52:47 ----A---- C:\WINDOWS\28539hacktool22z.dll
2009-12-28 11:01:56 ----A---- C:\WINDOWS\system32\213db9zkdoo51136.exe
2009-12-26 12:24:32 ----A---- C:\WINDOWS\system32\28860no9-a5virus67z.dll
2009-12-26 02:41:34 ----A---- C:\WINDOWS\985dzhief521.exe
2009-12-24 23:01:13 ----A---- C:\WINDOWS\5e9fsparsz2669.exe
2009-12-17 08:59:21 ----A---- C:\WINDOWS\2495zworm593.exe
2009-12-14 23:13:32 ----A---- C:\WINDOWS\system32\24z36wo5m97.exe
2009-12-13 08:05:59 ----A---- C:\WINDOWS\system32\5d58steal9959z.dll
2009-12-05 11:23:34 ----A---- C:\WINDOWS\9849tr5jzf5.exe
2009-12-05 01:22:00 ----A---- C:\WINDOWS\18956zr5j1829.exe
2009-12-03 14:02:40 ----A---- C:\WINDOWS\system32\2c5sp9rsz3149.dll
2009-12-02 07:57:08 ----A---- C:\WINDOWS\1954795ruz572.dll
2009-11-25 07:55:12 ----A---- C:\WINDOWS\5da3sp9wa5e1998z.dll
2009-11-22 18:04:49 ----A---- C:\WINDOWS\62zddow5loade9278.exe
2009-11-22 11:31:15 ----A---- C:\WINDOWS\40b9dow5zoader1079.exe
2009-11-21 17:30:24 ----A---- C:\WINDOWS\system32\1817h5ckt9zlfb.dll
2009-11-17 06:25:07 ----A---- C:\WINDOWS\39fa9dware140z5.dll
2009-11-12 21:28:49 ----A---- C:\WINDOWS\983spam5zt696.exe
2009-11-08 17:06:53 ----A---- C:\WINDOWS\system32\5ed6backd9or1570z.dll
2009-11-08 01:48:17 ----A---- C:\WINDOWS\15093wzrm6085.exe
2009-11-07 19:02:54 ----A---- C:\WINDOWS\31z79ac5door2787.exe
2009-11-01 07:11:38 ----A---- C:\WINDOWS\17930haczt5ol395.dll
2009-10-28 18:39:18 ----A---- C:\WINDOWS\system32\23592not-5-virz97e9.dll
2009-10-24 19:30:02 ----A---- C:\WINDOWS\system32\50710not-a-virzs30d9.exe
2009-10-24 14:11:14 ----A---- C:\WINDOWS\1fe9backdoor9z65.dll
2009-10-24 09:28:39 ----A---- C:\WINDOWS\37cdvi5z977.exe
2009-10-19 06:25:43 ----A---- C:\WINDOWS\90112hack5ool4z4.exe
2009-10-19 04:54:05 ----A---- C:\WINDOWS\1689zhacktoo5742.dll
2009-10-11 07:34:13 ----A---- C:\WINDOWS\5f6edowzloader23569.dll
2009-10-10 06:21:53 ----A---- C:\WINDOWS\system32\2c7aaddza5e23719.dll
2009-10-08 04:42:31 ----A---- C:\WINDOWS\system32\59z8vir1695.dll
2009-10-06 00:31:52 ----A---- C:\WINDOWS\system32\56c9sparse293z5.exe
2009-10-01 13:41:43 ----A---- C:\WINDOWS\9z5threa57982.dll
2009-09-25 18:29:46 ----A---- C:\WINDOWS\9933nzt-95virus3d4.dll
2009-09-24 17:09:57 ----A---- C:\WINDOWS\system32\98z45tro5140.dll
2009-09-19 09:30:37 ----A---- C:\WINDOWS\system32\41f9zparse93225.exe
2009-09-15 20:03:39 ----A---- C:\WINDOWS\5aez5ir2979.exe
2009-09-15 11:57:47 ----A---- C:\WINDOWS\system32\6a39zownlo5der1777.dll
2009-09-13 21:35:29 ----A---- C:\WINDOWS\94a1adzware1956.dll
2009-09-10 22:30:39 ----A---- C:\WINDOWS\system32\1519vir5s909z.dll
2009-08-28 16:35:32 ----A---- C:\WINDOWS\68fadzwn5oad9r1676.exe
2009-08-27 11:17:48 ----A---- C:\WINDOWS\3abcspzrs9553.dll
2009-08-27 05:14:03 ----A---- C:\WINDOWS\system32\9d85hie93049z.dll
2009-08-25 17:05:01 ----A---- C:\WINDOWS\system32\745badd9are11z8.exe
2009-08-23 17:56:48 ----A---- C:\WINDOWS\system32\6902viz4755.dll
2009-08-21 07:21:07 ----A---- C:\WINDOWS\546dzwnload952011.dll
2009-08-12 19:37:29 ----A---- C:\WINDOWS\system32\7525sp9r5ez292.exe
2009-08-10 20:34:35 ----A---- C:\WINDOWS\135ftz5eat59369.dll
2009-08-09 08:35:53 ----A---- C:\WINDOWS\7z40tro5159.dll
2009-08-09 01:56:22 ----A---- C:\WINDOWS\5529thizf2777.dll
2009-08-05 07:28:43 ----A---- C:\WINDOWS\system32\57db9zreat2883.dll
2009-08-01 09:58:32 ----A---- C:\WINDOWS\system32\4c95sparze2453.dll
2009-07-24 05:25:38 ----A---- C:\WINDOWS\28495tz9j55c.dll
2009-07-22 20:13:27 ----A---- C:\WINDOWS\8195ddwarez015.dll
2009-07-22 17:20:20 ----A---- C:\WINDOWS\system32\675espyw9rez965.exe
2009-07-18 11:32:25 ----A---- C:\WINDOWS\system32\14z14ha9ktoo539.exe
2009-07-18 06:00:58 ----A---- C:\WINDOWS\2d7ds5ywzre2999.exe
2009-07-14 16:53:54 ----A---- C:\WINDOWS\system32\2e145ozn9oader1441.exe
2009-07-13 23:06:20 ----A---- C:\WINDOWS\7992zir357.exe
2009-07-13 16:43:49 ----A---- C:\WINDOWS\system32\6a90t9ie5z37.dll
2009-07-11 12:46:13 ----A---- C:\WINDOWS\system32\zc5avir9995.dll
2009-07-10 14:38:36 ----A---- C:\WINDOWS\301599irzs5e6.dll
2009-07-09 06:21:22 ----A---- C:\WINDOWS\system32\5549steal84z.exe
2009-07-07 15:12:51 ----A---- C:\WINDOWS\9865thzeat23013.dll
2009-07-03 05:56:40 ----A---- C:\WINDOWS\system32\17zbthi9f1557.dll
2009-07-01 03:13:02 ----A---- C:\WINDOWS\7593steal2z81.exe
2009-06-28 18:18:32 ----D---- C:\rsit
2009-06-28 17:17:38 ----A---- C:\WINDOWS\z6999spamb5935f.dll
2009-06-28 17:17:38 ----A---- C:\WINDOWS\system32\90755hackzo5l7ba.dll
2009-06-28 17:17:38 ----A---- C:\WINDOWS\4235vzrus75d9.exe
2009-06-28 17:17:37 ----A---- C:\WINDOWS\system32\35419spz4c5.exe
2009-06-28 17:17:37 ----A---- C:\WINDOWS\4f9badzware25809.dll
2009-06-28 17:17:36 ----A---- C:\WINDOWS\system32\155999rojz2e.dll
2009-06-28 17:17:36 ----A---- C:\WINDOWS\69345roj5ze.exe
2009-06-28 17:17:36 ----A---- C:\WINDOWS\2609vzr9s551.dll
2009-06-28 17:17:36 ----A---- C:\WINDOWS\161259y58z.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\system32\d69s5yware3z.dll
2009-06-28 17:17:35 ----A---- C:\WINDOWS\system32\b695hiefz4109.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\system32\6152zparse28959.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\system32\153et5rza928299.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\695ethr9zt50157.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\5ab9backdoorz9125.dll
2009-06-28 17:17:35 ----A---- C:\WINDOWS\5968sp5rze2299.dll
2009-06-28 17:17:35 ----A---- C:\WINDOWS\59202spambotz76.exe
2009-06-28 17:17:35 ----A---- C:\WINDOWS\4840spar9e3z58.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\z7974s5ydf9.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\z65dth9eat1493.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\9957hacztool5d2.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\93839s5y571z.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\7z59orm167.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\79b2sp5ware19z4.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\6d8zthief1975.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\5d16threzt296.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\569bspzr5e2339.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\51969virus11z.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\51492szy729.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\35zhacktool937.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\296z3v9ru5268.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\29551szy9a8.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\15567troz49b.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\system32\1137s9yzfa5.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\73c1s95alz327.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\6a96spyw9rez5.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\5d80st5az259.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\5d659parsez087.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\5180spyzar52309.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\4z21spar591603.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\23699irz55.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\19614zpambo5fd.exe
2009-06-28 17:17:34 ----A---- C:\WINDOWS\1885spambz979d5.dll
2009-06-28 17:17:34 ----A---- C:\WINDOWS\11005z9oj92.dll
2009-06-28 17:17:33 ----A---- C:\WINDOWS\system32\setup2.exe
2009-06-28 17:17:33 ----A---- C:\WINDOWS\system32\151bthzeat91160.dll
2009-06-28 14:00:42 ----D---- C:\Program Files\Common Files\PC Tools
2009-06-28 14:00:36 ----D---- C:\Program Files\Spyware Doctor
2009-06-28 14:00:36 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\PC Tools
2009-06-28 14:00:36 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-06-28 14:00:32 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-06-28 14:00:30 ----D---- C:\Program Files\Registry Mechanic
2009-06-28 13:45:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-28 13:45:33 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 13:28:29 ----D---- C:\WINDOWS\pss
2009-06-27 20:58:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 20:58:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 12:20:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-26 12:13:41 ----D---- C:\Program Files\NOS
2009-06-26 12:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-26 02:03:42 ----D---- C:\Program Files\Trend Micro
2009-06-26 01:40:57 ----D---- C:\WINDOWS\ERDNT
2009-06-26 01:40:22 ----D---- C:\Program Files\ERUNT
2009-06-26 01:12:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-25 21:11:13 ----D---- C:\Program Files\Adware Professional
2009-06-23 15:16:38 ----D---- C:\Program Files\DivX
2009-06-23 07:33:36 ----A---- C:\WINDOWS\system32\27969nzt-a-vi5us580.exe
2009-06-22 12:40:35 ----A---- C:\WINDOWS\system32\3529ad9ware1z59.dll
2009-06-17 09:04:29 ----A---- C:\WINDOWS\system32\z54455p9mbot18.exe
2009-06-15 11:02:12 ----A---- C:\WINDOWS\system32\2124d9wnzoader1515.exe
2009-06-13 03:59:33 ----A---- C:\WINDOWS\system32\3393ste9l28z5.dll
2009-06-11 03:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-06-10 15:09:28 ----A---- C:\WINDOWS\61z0thie5649.exe
2009-06-09 22:17:51 ----A---- C:\WINDOWS\system32\55a99zeal2962.dll
2009-06-08 12:56:05 ----A---- C:\WINDOWS\5803not-a5virzs7d89.exe

======List of files/folders modified in the last 1 months======

2009-06-28 17:43:55 ----D---- C:\WINDOWS\Temp
2009-06-28 17:43:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-28 17:24:34 ----RD---- C:\Program Files
2009-06-28 17:17:38 ----D---- C:\WINDOWS\system32
2009-06-28 17:17:38 ----D---- C:\windows
2009-06-28 16:57:19 ----D---- C:\WINDOWS\Prefetch
2009-06-28 14:19:03 ----D---- C:\WINDOWS\system32\drivers
2009-06-28 14:18:47 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-06-28 14:16:13 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-06-28 14:00:42 ----D---- C:\Program Files\Common Files
2009-06-28 13:34:57 ----RASH---- C:\boot.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\win.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\system.ini
2009-06-27 21:22:58 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\WeatherBug
2009-06-27 13:31:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-26 12:31:06 ----SHD---- C:\WINDOWS\Installer
2009-06-26 12:31:06 ----SHD---- C:\Config.Msi
2009-06-26 12:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-26 12:29:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-26 12:27:39 ----D---- C:\Program Files\Adobe
2009-06-26 12:20:10 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\Adobe
2009-06-26 12:07:33 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-26 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-06-25 19:25:39 ----D---- C:\Program Files\SmartDraw 2009
2009-06-25 19:24:11 ----SD---- C:\WINDOWS\Tasks
2009-06-25 19:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 19:23:29 ----HD---- C:\WINDOWS\inf
2009-06-25 19:23:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-25 19:21:59 ----D---- C:\Program Files\Java
2009-06-25 19:20:19 ----D---- C:\Program Files\DNA
2009-06-23 21:40:41 ----HD---- C:\Documents and Settings\Tara Brooks\Application Data\Move Networks
2009-06-11 03:14:43 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:07:56 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-06-11 03:07:46 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:02:59 ----D---- C:\WINDOWS\ie7updates
2009-06-08 07:12:27 ----D---- C:\WINDOWS\SoftwareDistribution
2009-06-01 12:51:12 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-07-29 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-07-29 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 lowpp;Lowrance MMC Parallel Port Driver; \??\C:\WINDOWS\system32\Drivers\lowpp.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-07-29 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-22 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-22 175360]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MLFILEM;MLFILEM; \??\C:\WINDOWS\system32\drivers\MLFILEM.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-07-29 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2004-01-13 2482176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-07-29 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2007-03-12 16128]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-07-29 323584]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\System32\basfipm.exe [2003-04-17 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2008-11-26 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2004-01-09 122880]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2004-01-09 303171]
R2 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-01-07 348752]
R2 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-01-21 1095560]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-10-30 98304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

-----------------EOF-----------------

sda272
2009-06-29, 00:24
info.txt logfile of random's system information tool 1.06 2009-06-28 18:19:20

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->MsiExec.exe /X{6D8D64BE-F500-55B6-705D-DFD08AFE0624}
Adobe AIR-->c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Adobe® Photoshop® Album Starter Edition 3.2-->MsiExec.exe /I{A654A805-41D9-40C7-AA46-4AF04F044D61}
Adware Professional v5.0-->"C:\Program Files\Adware Professional\unins000.exe"
AIM 6-->C:\Program Files\AIM6\uninst.exe
ALPS Touch Pad Driver-->C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
Amazon MP3 Downloader 1.0.3-->C:\Program Files\Amazon\MP3 Downloader\Uninstall.exe
AOL Instant Messenger-->C:\Program Files\AIM\uninstll.exe -LOG= C:\Program Files\AIM\install.log -OEM=
Apple Mobile Device Support-->MsiExec.exe /I{AFA20D47-69C3-4030-8DF8-D37466E70F13}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
ATI Control Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe"
ATI Display Driver-->rundll32 C:\WINDOWS\System32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Broadcom Advanced Control Suite-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{89EE857B-8970-4F9F-AB58-A1C873AC72B3} /l1033
Broadcom ASF Management Applications-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{25D24E84-64A9-40D2-85CF-540B1C4A6D52} /l1033
Comcast High-Speed Internet Install Wizard-->C:\Program Files\support.com\uninstall\chsi_uninstaller.exe
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant D480 MDC V.9x Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Dell Solution Center-->MsiExec.exe /X{11F1920A-56A2-4642-B6E0-3B31A12C9288}
Desktop Doctor-->"C:\Program Files\Support.com\providerComcast\Uninstall.exe" /c "Remove Desktop Doctor?"
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
DVDSentry-->MsiExec.exe /I{98DF85D9-96C0-4F57-A92E-C3539477EF5E}
Easy CD Creator 5 Basic-->MsiExec.exe /I{609F7AC8-C510-11D4-A788-009027ABA5D0}
ERUNT 1.1j-->"C:\Program Files\ERUNT\unins000.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Hawking Hi-Gain Wireless-G USB Dish Adapter-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
HijackThis 2.0.2-->"C:\Documents and Settings\Tara Brooks\Local Settings\Temporary Internet Files\Content.IE5\3OPBGE7R\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) PROSet-->MsiExec.exe /I{2C351DB8-E088-41A2-9BF0-113727FBB697}
InterVideo WinDVD-->"C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iRiver AutoDB-->C:\Program Files\iRiver\Service\uninst.exe
iTunes-->MsiExec.exe /I{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}
J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\setup.exe -runfromtemp -l0x0009 -removeonly
Macromedia Flash Player-->MsiExec.exe /X{0456ebd7-5f67-4ab6-852e-63781e3f389c}
Macromedia Shockwave Player-->C:\windows\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\windows\system32\Macromed\SHOCKW~1\Install.log
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
McAfee SecurityCenter-->C:\Program Files\McAfee\MSC\mcuninst.exe
Microsoft .NET Framework 2.0 Service Pack 1-->MsiExec.exe /I{B508B3F1-A24A-32C0-B310-85786919EF28}
Microsoft Data Access Components KB870669-->C:\WINDOWS\muninst.exe C:\WINDOWS\INF\KB870669.inf
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office XP Professional-->MsiExec.exe /I{91110409-6000-11D3-8CFE-0050048383C9}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Modem Helper-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F142D56-3326-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanel
MSN Music Assistant-->rundll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msninst.inf,Uninstall
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Picture Package-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1E2F8AE3-3437-44E6-BB75-E95751D6B83F}\setup.exe" -l0x9 UNINSTALL
Post-it® Software Notes Lite-->"C:\Program Files\3M\PSNLite\Uninstall.exe" -Prog"C:\Program Files\3M\PSNLite\PsnLite.exe" -INI"C:\Program Files\3M\PSNLite\uninst.ini"
QuickSet-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe" -l0x9 UNINSTALL
QuickTime-->MsiExec.exe /I{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}
Registry Mechanic 8.0-->"C:\Program Files\Registry Mechanic\unins000.exe" /Log
Rio Internet Update-->MsiExec.exe /X{493F2531-C2E5-4B73-8B11-66E9CFDA9AFA}
Rio Music Manager-->MsiExec.exe /X{282EF7E3-AE54-48AE-A11D-27F512F23AB3}
Rio Taxi-->MsiExec.exe /X{434C733C-27FA-423E-8CDC-F72B55631BA5}
Safari-->MsiExec.exe /I{D90AFDE3-3E67-407A-ACA8-F0BAAD012F08}
Security Update for Step By Step Interactive Training (KB898458)-->"C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB929969)-->"C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB931768)-->"C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sony USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}\setup.exe" UNINSTALL
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SpywareBlaster 4.2-->"C:\Program Files\SpywareBlaster\unins000.exe"
Super TextTwist-->C:\PROGRA~1\GAMEHO~1\TEXTTW~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\TEXTTW~1\INSTALL.LOG
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Viewpoint Manager (Remove Only)-->C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgrInstaller.exe /u /k
WD Diagnostics-->MsiExec.exe /X{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}
WeatherBug Companion - powered by MySearch-->rundll32 C:\PROGRA~1\MySearch\bar\1.bin\s4bar.dll,O
WeatherBug-->C:\PROGRA~1\AWS\WEATHE~1\REMOVE.EXE C:\PROGRA~1\AWS\WEATHE~1\INSTALL.LOG
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Sasser Worm Removal Tool (KB841720)-->C:\WINDOWS\$NtUninstallKB841720$\spuninst\spuninst.exe

======Security center information======

AV: McAfee VirusScan
FW: McAfee Personal Firewall

======System event log======

Computer Name: TARA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 11104
Source Name: Cdrom
Time Written: 20090414174958.000000-240
Event Type: warning
User:

Computer Name: TARA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 11103
Source Name: Cdrom
Time Written: 20090414174958.000000-240
Event Type: warning
User:

Computer Name: TARA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 11102
Source Name: Cdrom
Time Written: 20090414174958.000000-240
Event Type: warning
User:

Computer Name: TARA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 11101
Source Name: Cdrom
Time Written: 20090414174958.000000-240
Event Type: warning
User:

Computer Name: TARA
Event Code: 51
Message: An error was detected on device \Device\CdRom0 during a paging operation.

Record Number: 11100
Source Name: Cdrom
Time Written: 20090414174958.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: TARA
Event Code: 1000
Message: Faulting application componentlauncher.exe, version 3.2.0.12228, faulting module ntdll.dll, version 5.1.2600.5755, fault address 0x000118b5.

Record Number: 154
Source Name: Application Error
Time Written: 20090420225246.000000-240
Event Type: error
User:

Computer Name: TARA
Event Code: 1002
Message: Hanging application Weather.exe, version 6.5.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 142
Source Name: Application Hang
Time Written: 20090417203545.000000-240
Event Type: error
User:

Computer Name: TARA
Event Code: 1002
Message: Hanging application Weather.exe, version 6.5.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 131
Source Name: Application Hang
Time Written: 20090417161859.000000-240
Event Type: error
User:

Computer Name: TARA
Event Code: 1002
Message: Hanging application Weather.exe, version 6.5.0.15, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 130
Source Name: Application Hang
Time Written: 20090417161859.000000-240
Event Type: error
User:

Computer Name: TARA
Event Code: 1002
Message: Hanging application install.exe, version 6.9.2258.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 30
Source Name: Application Hang
Time Written: 20090328163924.000000-240
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Common Files\Adaptec Shared\System;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 9 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=0905
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------

katana
2009-06-29, 00:36
Do you have the GMER log?

sda272
2009-06-29, 03:03
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-28 20:45:08
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF875C514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF874B282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF874B474]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF875CD00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF875CFB8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF875B3FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF875D422]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF875C7D8]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF874AF32]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xECD339AC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xECD33AFA]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xECD33ADF]
Code 83240200 ZwFlushInstructionCache
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xECD339EC]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xECD33B24]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xECD33930]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xECD33944]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xECD339C0]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xECD33B60]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xECD33AC9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xECD33AB3]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xECD33B4C]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xECD33B38]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xECD33998]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xECD33984]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xECD33B0E]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xECD33A02]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xECD339D6]
Code 82F8F126 IofCallDriver
Code 82CC52DE IofCompleteRequest
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82F8F12B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82CC52E3
.text ntoskrnl.exe!ZwYieldExecution 804F0EA6 7 Bytes JMP ECD339DA \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryValueKey 8056A1F2 7 Bytes JMP ECD33AB7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtCreateFile 8056CDC0 5 Bytes JMP ECD339B0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtSetInformationProcess 8056DC01 5 Bytes JMP ECD33988 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryKey 80570A6D 7 Bytes JMP ECD33B64 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP ECD33AFE \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtOpenProcess 805717C7 5 Bytes JMP ECD33934 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwProtectVirtualMemory 80571CB1 7 Bytes JMP ECD339C4 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnmapViewOfSection 805736E6 5 Bytes JMP ECD33A06 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!NtMapViewOfSection 80573B61 7 Bytes JMP ECD339F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 83240204
PAGE ntoskrnl.exe!NtOpenThread 8058A1C9 5 Bytes JMP ECD33948 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwNotifyChangeKey 8058A699 5 Bytes JMP ECD33B28 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwEnumerateValueKey 80590677 7 Bytes JMP ECD33AE3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwSetContextThread 8062DD17 5 Bytes JMP ECD3399C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwUnloadKey 8064D9DA 7 Bytes JMP ECD33B12 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwQueryMultipleValueKey 8064E300 7 Bytes JMP ECD33ACD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwRestoreKey 8064EC71 5 Bytes JMP ECD33B3C \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntoskrnl.exe!ZwReplaceKey 8064F0DC 5 Bytes JMP ECD33B50 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\WINDOWS\system32\spoolsv.exe[136] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[136] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[220] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]

sda272
2009-06-29, 03:08
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[788] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[788] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[788] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[788] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[860] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01840001
.text C:\WINDOWS\system32\csrss.exe[860] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[860] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[884] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[884] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B30001
.text C:\WINDOWS\system32\winlogon.exe[884] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[884] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01020FE5
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01020F83
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01020F94
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0102006E
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01020051
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01020036
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01020F4B
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01020F68
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010200DA
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010200C9
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01020F30
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01020FAF
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020000
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01020093
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0102001B
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01020FCA
.text C:\WINDOWS\system32\services.exe[928] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010200B8
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FF0FAF
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FF0F80
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FF003D
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FF002C
.text C:\WINDOWS\system32\services.exe[928] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FE0055
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FE0FC0
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FE0029
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FE003A
.text C:\WINDOWS\system32\services.exe[928] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FE0FEF
.text C:\WINDOWS\system32\services.exe[928] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\services.exe[928] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\services.exe[928] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FD0000
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[940] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F00FEF
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F00F72
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F0005D
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F00F83
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F00040
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F0001B
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F00F1F
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F00F46
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F0008C
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F00EF3
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F00ECE
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F00F9E
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F0000A
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F00F57
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F00FAF
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F00FCA
.text C:\WINDOWS\system32\lsass.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F00F0E
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00EF0FB9
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00EF0076
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00EF0FD4
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00EF0FE5
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00EF0051
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00EF000A
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00EF0036
.text C:\WINDOWS\system32\lsass.exe[940] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00EF0025
.text C:\WINDOWS\system32\lsass.exe[940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\lsass.exe[940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C30FCA
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C30055
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C30033
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C30FEF
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C30044
.text C:\WINDOWS\system32\lsass.exe[940] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C3000C
.text C:\WINDOWS\system32\lsass.exe[940] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BA0000
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\Ati2evxx.exe[1088] USER32.dll!SetWindowsHookExA

sda272
2009-06-29, 03:10
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E50000
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E50F99
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E50084
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E50073
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E50FC0
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E50062
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E500A9
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E50F6D
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E500D5
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E500BA
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E50F21
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E50FDB
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E50011
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E50F7E
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E50047
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E50036
.text C:\WINDOWS\system32\svchost.exe[1100] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E50F46
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30FA8
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E30F50
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30FC3
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E30FD4
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30F61
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00E30F7C
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [03, 89]
.text C:\WINDOWS\system32\svchost.exe[1100] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30F97
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20FC3
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E2004E
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20022
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FEF
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20033
.text C:\WINDOWS\system32\svchost.exe[1100] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20FDE
.text C:\WINDOWS\system32\svchost.exe[1100] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00E40000
.text C:\WINDOWS\system32\svchost.exe[1100] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00E40011
.text C:\WINDOWS\system32\svchost.exe[1100] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00E40036
.text C:\WINDOWS\system32\svchost.exe[1100] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00E40FE5
.text C:\WINDOWS\system32\svchost.exe[1100] ws2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FEF
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01070001
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BA0000
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BA0F4D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BA0F5E
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BA0F79
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BA0F94
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BA0FC0
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BA007F
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BA006E
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00C6
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BA00AB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BA00D7
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BA0FAF
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BA001B
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BA005D
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BA0FDB
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BA002C
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0090
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B90FCA
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B90F94
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B9001B
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B9000A
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B90051
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B90FEF
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B90040
.text C:\WINDOWS\system32\svchost.exe[1212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B90FB9
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B80F92
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80FA3
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B8001D
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B80FEF
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B80FC8
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B8000C
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 03120FE5
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 03120F5C
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 03120051
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 03120F6D
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 03120036
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 0312001B
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0312007D
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 03120F41
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 03120098
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 03120F09
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 03120EE4
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 03120F94
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 0312000A
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0312006C
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 03120FB9
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 03120FCA
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 3 Bytes JMP 03120F1A
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec + 4 7C862511 1 Byte [86]
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 03100FCA
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 03100065
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 03100025
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 03100FEF
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 03100F9E
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0310000A
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 03100040
.text C:\WINDOWS\System32\svchost.exe[1256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 03100FAF
.text C:\WINDOWS\System32\svchost.exe[1256] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1256] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 030F0038
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!system 77C293C7 5 Bytes JMP 030F0FAD
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 030F001D
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 030F0000
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 030F0FC8
.text C:\WINDOWS\System32\svchost.exe[1256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 030F0FE3
.text C:\WINDOWS\System32\svchost.exe[1256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 030E0FEF
.text C:\WINDOWS\System32\svchost.exe[1256] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 03110000
.text C:\WINDOWS\System32\svchost.exe[1256] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 03110FE5
.text C:\WINDOWS\System32\svchost.exe[1256] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 03110FCA
.text C:\WINDOWS\System32\svchost.exe[1256] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 03110011
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00780FEF
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0078007D
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00780F92
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0078006C
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00780FB9
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00780040
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00780F52
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0078008E
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 007800C6
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00780F37
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007800E1
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00780051
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00780014
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00780F63
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0078002F
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00780FDE
.text C:\WINDOWS\system32\svchost.exe[1296] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007800AB
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00770025
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00770F7C
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00770FD4
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0077000A
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00770F8D
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00770FEF
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00770F9E
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [97, 88]
.text C:\WINDOWS\system32\svchost.exe[1296] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00770FAF
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\system32\svchost.exe[1296] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00760047
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!system 77C293C7 5 Bytes JMP 0076002C
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00760011
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00760FEF
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00760FBC
.text C:\WINDOWS\system32\svchost.exe[1296] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00760000
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1336] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CA0FEF
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CA0F8A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CA0089
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CA006C
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CA005B
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CA002F
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CA0F4D
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CA0F5E
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CA0EFC
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CA0F21
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00CA00B0
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00CA004A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00CA000A
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00CA0F6F
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00CA0FC3
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00CA0FD4
.text C:\WINDOWS\System32\svchost.exe[1336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00CA0F32
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C9002C
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C90070
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C9001B
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C9000A
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C9005F
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00C9004E
.text C:\WINDOWS\System32\svchost.exe[1336] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C9003D
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1336] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C80FB4
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C80FCF
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C8002E
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C80000
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C8003F
.text C:\WINDOWS\System32\svchost.exe[1336] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C8001D
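
Reading several hundred of these GMER user-mode hook lines by eye hides the two facts that matter for triage: which exports are redirected in each process, and where the redirections land. The script below is an added example, not part of the original thread and not GMER's own code. It parses the `.text <process>[<pid>] <module>!<export> <addr> <n> Bytes ...` line format shown in the log, reassembles the multi-line byte patches so that an `FF 25` prefix (`JMP DWORD PTR [abs32]`, which GMER prints as raw bytes instead of a resolved target) is recognised and its pointer read, and summarises direct JMP/CALL targets by 64 KiB region per process. The sample input is a handful of lines copied verbatim from the log above; the list of "execution and network" exports flagged for attention is this example's own assumption, not a GMER classification.

```python
"""Triage helper for the user-mode hook section of a GMER log (added example)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: lines copied verbatim from the GMER log in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1212] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BA00C6
.text C:\WINDOWS\system32\svchost.exe[1212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BA0090
.text C:\WINDOWS\system32\svchost.exe[1212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B80FA3
.text C:\WINDOWS\system32\svchost.exe[1212] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B70FEF
.text C:\WINDOWS\system32\svchost.exe[1212] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01070001
.text C:\Program Files\Hawking\HWU8DD\HWU8DD.exe[1184] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec 7C86250D 3 Bytes JMP 03120F1A
.text C:\WINDOWS\System32\svchost.exe[1256] kernel32.dll!WinExec + 4 7C862511 1 Byte [86]
"""

LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\S+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
DIRECT_RE = re.compile(r"^(?P<op>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})$")
PATCH_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f ,]+)\](?:\s+\{.*\})?$")

# Assumed triage list for this example: process/command execution and outbound
# network exports. Not a GMER classification.
EXEC_AND_NET = {
    "CreateProcessA", "CreateProcessW", "WinExec", "system", "_wsystem", "socket",
    "InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW",
}


@dataclass
class Hook:
    proc: str
    pid: int
    module: str
    export: str
    kind: str                        # "direct", "indirect" or "patch"
    target: Optional[int] = None     # absolute JMP/CALL target when GMER resolved it
    patched: Dict[int, int] = field(default_factory=dict)  # offset -> written byte


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Parse .text lines; the split patch lines of one export are merged into one Hook."""
    merged: Dict[Tuple[str, int, str, str], Hook] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                 # blank line, header, or a non-hook GMER line
        key = (m["proc"], int(m["pid"]), m["module"], m["export"])
        hook = merged.setdefault(key, Hook(*key, kind="patch"))
        off = int(m["offset"] or "0", 16)
        detail = m["detail"].strip()
        d = DIRECT_RE.match(detail)
        if d:                        # GMER already decoded a relative JMP/CALL
            hook.kind = "direct"
            hook.target = int(d["target"], 16)
            continue
        p = PATCH_RE.match(detail)
        if p:
            for i, b in enumerate(p["bytes"].replace(",", " ").split()):
                hook.patched[off + i] = int(b, 16)
    for hook in merged.values():
        # FF 25 disp32 is JMP DWORD PTR [disp32]: an absolute indirect jump.
        if hook.kind == "patch" and hook.patched.get(0) == 0xFF and hook.patched.get(1) == 0x25:
            hook.kind = "indirect"
    return list(merged.values())


def pointer_text(hook: Hook) -> str:
    """Render the disp32 of an FF 25 hook. GMER lists only the bytes it saw
    change, so an unlisted byte is the original one and is shown as ??."""
    parts = []
    for off in (5, 4, 3, 2):         # little-endian disp32 at offsets 2..5
        b = hook.patched.get(off)
        parts.append("??" if b is None else f"{b:02X}")
    return "".join(parts)


def summarize(hooks: List[Hook]) -> Dict[Tuple[str, int], dict]:
    """Per process: hooked export count, 64 KiB regions the direct hooks jump
    into, and which execution/network exports were redirected."""
    out: Dict[Tuple[str, int], dict] = defaultdict(
        lambda: {"hooked": 0, "regions": set(), "exec_net": []})
    for h in sorted(hooks, key=lambda h: (h.proc, h.pid, h.module, h.export)):
        s = out[(h.proc, h.pid)]
        s["hooked"] += 1
        if h.target is not None:
            s["regions"].add(f"{h.target >> 16:04X}")
        if h.export in EXEC_AND_NET:
            s["exec_net"].append(f"{h.module}!{h.export}")
    return dict(out)


if __name__ == "__main__":
    hooks = parse_gmer_hooks(SAMPLE_LOG)
    for (proc, pid), s in summarize(hooks).items():
        print(f"{proc}[{pid}]: {s['hooked']} hooked exports, direct targets in "
              f"regions {sorted(s['regions'])}, exec/net: {s['exec_net'] or 'none'}")
    for h in hooks:
        if h.kind == "indirect":
            print(f"  {h.module}!{h.export} pid {h.pid}: JMP DWORD PTR [{pointer_text(h)}]")
```

On the sample, svchost.exe[1212] comes out with seven hooked exports whose direct targets sit in four regions (00B7, 00B8, 00BA and 5F33), with CreateProcessW, WinExec, system and socket all redirected, and its NtClose patch decodes to `JMP DWORD PTR [5F2D??1E]`. The summary only says where the hooks go, not what owns those addresses; the next step is to map each target region to a loaded module (a module list from GMER or Process Explorer) so that hooks landing in a known security product's DLL can be separated from hooks landing in unbacked memory.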

sda272
2009-06-29, 03:11
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CF0001
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\3M\PSNLite\PsnLite.exe[1384] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Apoint\Apoint.exe[1404] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1420] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\S24EvMon.exe[1488] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010D0001
.text C:\WINDOWS\System32\S24EvMon.exe[1488] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\S24EvMon.exe[1488] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017D0001
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1528] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1600] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00920FEF
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00920F86
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0092007B
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00920F97
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0092004A
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00920FA8
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00920F47
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00920F58
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009200CF
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009200AA
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00920F1B
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0092002F
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00920FD4
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00920F75
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00920FC3
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00920F36
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00910FCA
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00910F83
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00910011
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00910FE5
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00910040
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00910000
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00910F94
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [B1, 88] {MOV CL, 0x88}
.text C:\WINDOWS\System32\svchost.exe[1600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00910FB9
.text C:\WINDOWS\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1600] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00900F90
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!system 77C293C7 5 Bytes JMP 00900FA1
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00900FD7
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00900000
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00900FBC
.text C:\WINDOWS\System32\svchost.exe[1600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00900011
.text C:\WINDOWS\System32\svchost.exe[1600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 008F0FEF

sda272
2009-06-29, 03:12
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Apoint\Apntex.exe[1636] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AE0000
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AE0080
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AE0065
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AE0F81
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AE004A
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AE0FC3
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AE0F49
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AE0F5A
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AE00B3
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AE00A2
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AE0EF5
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AE0FA8
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AE0FE5
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AE0091
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AE002F
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AE0FD4
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AE0F24
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AD0051
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AD0040
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AD0000
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00AD0025
.text C:\WINDOWS\System32\svchost.exe[1672] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AD0F94
.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[1672] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AC0016
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AC0F8B
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AC0FB7
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AC0FEF
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AC0F9C
.text C:\WINDOWS\System32\svchost.exe[1672] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AC0FD2
.text C:\WINDOWS\System32\svchost.exe[1672] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AB0FE5
.text C:\WINDOWS\System32\DSentry.exe[1692] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

sda272
2009-06-29, 03:14
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03280001
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\PROGRA~1\AWS\WEATHE~1\Weather.exe[1988] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2256] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00BF0000
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00BF0093
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00BF0FA5
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00BF0062
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00BF00D2
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00BF00B5
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00BF0108
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateProcessA 7C80236B 1 Byte [E9]
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00BF0F6F
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00BF0F54
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00BF0051
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00BF001B
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00BF00A4
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00BF0FDB
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00BF002C
.text C:\WINDOWS\System32\svchost.exe[2256] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00BF00ED
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00BD0036
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00BD0FA5
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00BD001B
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00BD0000
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00BD0FC0
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00BD0FE5
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00BD0062
.text C:\WINDOWS\System32\svchost.exe[2256] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00BD0047
.text C:\WINDOWS\System32\svchost.exe[2256] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
.text C:\WINDOWS\System32\svchost.exe[2256] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00BC0FC8
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!system 77C293C7 5 Bytes JMP 00BC0053
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00BC002E
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00BC0000
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00BC0FD9
.text C:\WINDOWS\System32\svchost.exe[2256] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00BC0011
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetOpenA 7806C879 5 Bytes JMP 00BE0FE5
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetOpenW 7806CEA9 5 Bytes JMP 00BE0FCA
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetOpenUrlA 78070BD2 5 Bytes JMP 00BE0FB9
.text C:\WINDOWS\System32\svchost.exe[2256] WININET.dll!InternetOpenUrlW 780BB079 5 Bytes JMP 00BE0F9E
.text C:\WINDOWS\System32\svchost.exe[2256] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AA0000

sda272
2009-06-29, 03:17
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 033A0001
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe[2852] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02FA0001
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\McAfee\MPF\MPFSrv.exe[2880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\RegSrvc.exe[3192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01130001
.text C:\WINDOWS\System32\RegSrvc.exe[3192] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\RegSrvc.exe[3192] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A

sda272
2009-06-29, 03:19
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1600] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[1672] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 5F370000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] 5F3C0000
IAT C:\WINDOWS\System32\svchost.exe[2256] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \FileSystem\Fastfat \Fat F7D6BD20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll
Reg HKLM\SYSTEM\ControlSet003\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll

---- Files - GMER 1.0.15 ----

File C:\windows\system32\MSIVXcount 4 bytes
File C:\windows\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll 23552 bytes executable
File C:\windows\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll 56320 bytes executable
File C:\windows\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys 77824 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
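The GMER output above flags one hidden service and the files registered under it. As an added example (not from this thread, and not GMER's own code), here is a small Python triage parser that reads the Services, Registry and Files sections of such a log, ties the hidden service to the module paths recorded under its registry key, and lists every file belonging to the same infection; the sample log is constructed from the entries above, and the shared-name-prefix rule for catching unregistered companion files is an assumption of this script.

```python
"""Triage helper for a GMER 1.0.15 text log (added example).

GMER writes sections such as '---- Services - GMER 1.0.15 ----'.
Entries it could not see through the normal Windows API are tagged
'(*** hidden *** )', and confirmed kernel loaders '<-- ROOTKIT !!!'.
"""
import re

# Constructed sample: the relevant lines of the GMER log shown above.
SAMPLE_LOG = r"""---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys (*** hidden *** ) [SYSTEM] MSIVXserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys@imagepath \systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXserv \\?\globalroot\systemroot\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXl \\?\globalroot\systemroot\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\MSIVXserv.sys\modules@MSIVXclk \\?\globalroot\systemroot\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll

---- Files - GMER 1.0.15 ----

File C:\windows\system32\MSIVXcount 4 bytes
File C:\windows\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll 23552 bytes executable
File C:\windows\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll 56320 bytes executable
File C:\windows\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys 77824 bytes executable <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
"""

SECTION_RE = re.compile(r"^---- (\w+) - GMER [\d.]+ ----$")
SERVICE_RE = re.compile(
    r"^Service (?P<image>\S+) \(\*\*\* hidden \*\*\* \) \[(?P<start>\w+)\] (?P<name>\S+)")
FILE_RE = re.compile(r"^File (?P<path>\S+) (?P<size>\d+) bytes(?P<flags>.*)$")
# Value under <service>\modules: one registered module path per line.
REG_MODULE_RE = re.compile(
    r"^Reg HKLM\\SYSTEM\\(?P<cs>\w+)\\Services\\(?P<svc>[^\\@ ]+)\\modules@(?P<val>\S+) (?P<path>\S+)$")


def split_sections(text):
    """Return {section_name: [non-empty lines]} for a GMER text log."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def normalize(path):
    """Map the spellings GMER and the registry use for one file (globalroot,
    \\systemroot, mixed case) onto a single lower-case form."""
    p = path.lower()
    p = p.replace(r"\\?\globalroot", "")
    p = p.replace(r"\systemroot", r"c:\windows")
    return p


def common_prefix(names):
    """Longest shared leading string of the given names, lower-cased."""
    names = [n.lower() for n in names]
    prefix = names[0] if names else ""
    for n in names[1:]:
        while not n.startswith(prefix):
            prefix = prefix[:-1]
    return prefix


def triage(text):
    """Hidden services, the modules registered under them, and the files GMER
    flagged, cross-referenced into one report."""
    sections = split_sections(text)
    report = {"hidden_services": [], "modules": {},
              "rootkit_files": [], "related_files": []}
    for line in sections.get("Services", []):
        m = SERVICE_RE.match(line)
        if m:
            report["hidden_services"].append({
                "name": m.group("name"), "image": normalize(m.group("image")),
                "start": m.group("start"), "rootkit": "ROOTKIT" in line})
    for line in sections.get("Registry", []):
        m = REG_MODULE_RE.match(line)
        if m:  # a set de-duplicates the same path across control sets
            report["modules"].setdefault(m.group("svc"), set()).add(normalize(m.group("path")))
    known = set()  # every path tied to a hidden service
    for svc in report["hidden_services"]:
        known |= report["modules"].get(svc["name"], set())
        known.add(svc["image"])
    # Assumption: companion files that share the droppers' name prefix
    # (here 'msivx') belong to the same infection even if not registered.
    prefix = common_prefix([p.rsplit("\\", 1)[-1] for p in known])
    for line in sections.get("Files", []):
        m = FILE_RE.match(line)
        if not m:
            continue
        path = normalize(m.group("path"))
        entry = {"path": path, "size": int(m.group("size"))}
        if "ROOTKIT" in m.group("flags"):
            report["rootkit_files"].append(entry)
        elif path in known or (len(prefix) >= 4 and path.rsplit("\\", 1)[-1].startswith(prefix)):
            report["related_files"].append(entry)
    return report


if __name__ == "__main__":
    import json
    print(json.dumps(triage(SAMPLE_LOG), indent=2, default=sorted))
```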

katana
2009-06-29, 09:49
Information

Registry Cleaners

Re. Registry Mechanic 8.0

I don't personally recommend the use of ANY registry cleaners.
Here is an excerpt from a discussion on reg cleaners:

Most reg cleaners aren't "bad" as such, but they aren't perfect and even the best have been known to cause problems.
The point we are trying to make is that the risk of using one far outweighs any benefit.
If it does work perfectly you will not see any difference
If it doesn't work properly you may end up with an expensive doorstop.
http://forums.whatthetech.com/Regcleaner_t42862.html


----------------------------------------------------------------------------------------
Step 1


Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop.
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply.
Re-enable all the programs that were disabled during the running of ComboFix.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

----------------------------------------------------------------------------------------
Step 2

Kaspersky Online Scanner.
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.


**Note**

To optimize scanning time and produce a more sensible report for review: Close any open programs.
Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply

Combofix Log
Kaspersky Log
How are things running now?



---------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------
Additional Notes



Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please download Java SE Runtime Environment (JRE) (http://java.sun.com/javase/downloads/index.jsp). (don't install it yet)

Scroll down to where it says "Java SE Runtime Environment (JRE)".
Click the "Download" button to the right.
Platform = Windows Language = Multi Language
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.

Now download JavaRa (http://sourceforge.net/project/downloading.php?groupname=javara&filename=JavaRa.zip&use_mirror=osdn) and unzip it to your desktop.

***Please close any instances of Internet Explorer (or other web browser) before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Now install the Java SE Runtime Environment (JRE) package you downloaded
(it comes with a toolbar pre-selected, so make sure you uncheck the box)

You can delete JavaRa (zip and exe)

sda272
2009-06-30, 06:32
ComboFix 09-06-29.04 - Tara Brooks 06/29/2009 23:51.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.207 [GMT -4:00]
Running from: c:\documents and settings\Tara Brooks\Desktop\SharonCF.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Adware Professional
c:\program files\Adware Professional\Adware Professional.exe
c:\program files\Adware Professional\noadware4_062809.na
c:\program files\Adware Professional\nutilities.dll
c:\program files\Adware Professional\unins000.dat
c:\program files\Adware Professional\unins000.exe
c:\program files\Adware Professional\UninstlDll.dll
c:\windows\system32\drivers\fad.sys
c:\windows\system32\drivers\MSIVXcuwouiiuaiergmehcemonhhpnoinxywf.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll
c:\windows\system32\MSIVXvvafkvgkgmpfdmkgqyfgnmvctyrieoci.dll
c:\windows\system32\setup2.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-30 )))))))))))))))))))))))))))))))
.

2009-06-30 03:11 . 2009-06-30 03:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-28 22:18 . 2009-06-28 22:19 -------- d-----w- C:\rsit
2009-06-28 21:06 . 2009-06-28 21:06 14 ----a-w- c:\windows\ASSE.dat
2009-06-28 17:45 . 2009-06-30 02:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 17:45 . 2009-06-28 17:49 -------- d-----w- c:\program files\SpywareBlaster
2009-06-28 00:58 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 00:58 . 2009-06-28 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-28 00:58 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 00:58 . 2009-06-28 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-27 09:04 . 2009-06-27 09:04 7063 ----a-w- c:\windows\system32\934fs5yware296z.bin
2009-06-26 16:20 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-26 16:20 . 2009-06-26 16:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-26 16:15 . 2009-06-26 16:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\program files\NOS
2009-06-26 06:03 . 2009-06-28 22:19 -------- d-----w- c:\program files\Trend Micro
2009-06-26 05:40 . 2009-06-26 05:40 -------- d-----w- c:\program files\ERUNT
2009-06-25 19:03 . 2009-06-25 19:03 2853 ----a-w- c:\windows\system32\b2z9own5oader2499.bin
2009-06-24 01:39 . 2009-06-24 01:39 34062 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-23 19:16 . 2009-06-25 23:20 -------- d-----w- c:\program files\DivX
2009-06-23 18:54 . 2009-06-23 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-23 11:33 . 2009-06-23 11:33 16879 ----a-w- c:\windows\system32\27969nzt-a-vi5us580.exe
2009-06-22 16:40 . 2009-06-22 16:40 12258 ----a-w- c:\windows\system32\3529ad9ware1z59.dll
2009-06-17 13:04 . 2009-06-17 13:04 4370 ----a-w- c:\windows\system32\z54455p9mbot18.exe
2009-06-15 15:02 . 2009-06-15 15:02 7477 ----a-w- c:\windows\system32\2124d9wnzoader1515.exe
2009-06-14 19:52 . 2009-06-14 19:52 12168 ----a-w- c:\windows\system32\559faddwzre1119.bin
2009-06-13 21:51 . 2009-06-13 21:51 11068 ----a-w- c:\windows\system32\3988hac9tool5z05.bin
2009-06-13 07:59 . 2009-06-13 07:59 11835 ----a-w- c:\windows\system32\3393ste9l28z5.dll
2009-06-10 02:17 . 2009-06-10 02:17 17739 ----a-w- c:\windows\system32\55a99zeal2962.dll
2009-06-01 13:47 . 2009-06-01 13:47 15101 ----a-w- c:\windows\6e55zackd5or29459.bin

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 01:22 . 2005-02-17 14:44 -------- d-----w- c:\documents and settings\Tara Brooks\Application Data\WeatherBug
2009-06-26 16:29 . 2004-08-18 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 23:25 . 2009-01-20 00:09 -------- d-----w- c:\program files\SmartDraw 2009
2009-06-25 23:23 . 2004-07-29 23:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 23:21 . 2006-07-19 21:23 -------- d-----w- c:\program files\Java
2009-06-25 23:20 . 2008-11-26 06:04 -------- d-----w- c:\program files\DNA
2009-06-24 01:40 . 2007-03-24 00:31 -------- d--h--w- c:\documents and settings\Tara Brooks\Application Data\Move Networks
2009-06-16 01:48 . 2006-11-20 01:14 1915520 -c--a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-28 11:57 . 2009-05-28 11:57 9600 ----a-w- c:\windows\system32\5900dow5lozder1641.dll
2009-05-27 06:14 . 2009-05-27 06:14 8910 ----a-w- c:\windows\679ha59toolz7f.exe
2009-05-27 05:04 . 2006-10-22 18:25 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-19 18:04 . 2009-05-19 18:04 10280 ----a-w- c:\windows\system32\68dzaddwa5e9092.bin
2009-05-15 22:37 . 2009-05-15 22:37 12269 ----a-w- c:\windows\system32\1997thief538z.bin
2009-05-07 19:58 . 2009-05-07 19:58 14795 ----a-w- c:\windows\system32\9061h9cktozl235.bin
2009-05-07 15:32 . 2004-07-29 23:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 15:27 . 2009-05-07 15:27 5325 ----a-w- c:\windows\system32\2b8zdown5oader2559.exe
2009-05-07 00:53 . 2009-05-07 00:53 8129 ----a-w- c:\windows\7683addwar9z505.exe
2009-05-06 23:52 . 2009-05-06 23:52 6210 ----a-w- c:\windows\system32\1b9zthief11759.exe
2009-05-04 08:15 . 2009-05-04 08:15 15580 ----a-w- c:\windows\7619vzrus455.exe
2009-05-03 21:37 . 2007-02-02 02:37 -------- d-----w- c:\program files\McAfee
2009-05-01 23:41 . 2009-05-01 23:41 2843 ----a-w- c:\windows\system32\e4eba9zd5or2735.exe
2009-04-29 04:56 . 2004-08-24 00:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-23 20:43 . 2009-04-23 20:43 13005 ----a-w- c:\windows\system32\81025rojzd9.dll
2009-04-22 15:12 . 2009-04-22 15:12 3172 ----a-w- c:\windows\z1691virus595.dll
2009-04-22 10:20 . 2009-04-22 10:20 6249 ----a-w- c:\windows\system32\3047threatz59.exe
2009-04-17 12:26 . 2004-07-29 23:21 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 00:31 . 2009-04-17 00:31 6292 ----a-w- c:\windows\system32\z35vir21579.bin
2009-04-15 14:51 . 2004-07-29 23:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 21:33 . 2009-04-14 21:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-14 02:41 . 2009-04-14 02:41 10430 ----a-w- c:\windows\system32\9eab5ddwaze571.bin
2009-04-12 05:04 . 2009-04-12 05:04 12727 ----a-w- c:\windows\system32\z9935orm4e8.exe
2009-04-11 22:52 . 2009-04-11 22:52 6298 ----a-w- c:\windows\system32\15ebs9yware1022z.exe
2009-04-11 13:09 . 2009-04-11 13:09 13918 ----a-w- c:\windows\7911backd5oz808.bin
2009-04-09 06:08 . 2009-04-09 06:08 7086 ----a-w- c:\windows\9ab1zddw5re431.bin
2009-04-04 04:57 . 2009-04-04 04:57 3014 ----a-w- c:\windows\936baddwzre835.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2005-06-07 1339392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="c:\program files\Support.com\providerComcast\desktopdoctor.exe" [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-03 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2006-10-30 131072]
"iRiver AutoDB"="c:\program files\iRiver\Service\MLService.exe" [2004-09-10 1040384]
"iRiver Updater"="c:\program files\iRiver\Service\Updater.exe" [2004-09-07 212992]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-11-26 136600]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-29 24576]
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2006-12-18 479232]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-6-2 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 11:55 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Tara Brooks\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [6/3/2007 11:20 AM 7787]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:26 PM 24652]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [12/18/2006 10:31 PM 20608]
S3 MLFILEM;MLFILEM;c:\windows\system32\drivers\MLFILEM.SYS [12/11/2004 1:40 AM 28160]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211U.sys [12/18/2006 10:31 PM 278016]
.
Contents of the 'Scheduled Tasks' folder

2009-06-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-06-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-WinBlueSoft - c:\program files\WinBlueSoft Software\WinBlueSoft\WinBlueSoft.exe
HKLM-Run-bascstray - BascsTray.exe


.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.utk.edu/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 00:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\LgNotify.dll
.
Completion time: 2009-06-30 0:06
ComboFix-quarantined-files.txt 2009-06-30 04:06

Pre-Run: 5,845,073,920 bytes free
Post-Run: 6,001,782,784 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

538 --- E O F --- 2009-06-25 19:29

katana
2009-06-30, 11:48
Please run Combofix again and post the fresh log
(Let Kaspersky finish first.)

sda272
2009-07-01, 00:43
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 30, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 30, 2009 12:48:03
Records in database: 2406184
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Files scanned: 72106
Threat name: 3
Infected objects: 6
Suspicious objects: 0
Duration of the scan: 02:23:39


File name / Threat name / Threats count
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL/C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ao 1
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\MySearch\bar\1.bin\S42NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.j 1
C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ao 1
C:\Qoobox\Quarantine\C\windows\system32\f3PSSavr.scr.vir Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1
C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198335.scr Infected: not-a-virus:WebToolbar.Win32.MyWebSearch 1

The selected area was scanned.

katana
2009-07-01, 01:29
Please run Combofix again and post the fresh log

sda272
2009-07-01, 04:09
ComboFix 09-06-29.04 - Tara Brooks 06/30/2009 21:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.284 [GMT -4:00]
Running from: c:\documents and settings\Tara Brooks\Desktop\SharonCF.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


.
((((((((((((((((((((((((( Files Created from 2009-06-01 to 2009-07-01 )))))))))))))))))))))))))))))))
.

2009-09-18 09:57 . 2009-09-18 09:57 10951 ----a-w- c:\windows\system32\za929pyw5re487.bin
2009-07-25 23:37 . 2009-07-25 23:37 9046 ----a-w- c:\windows\system32\zb799p5rse821.bin
2009-07-11 16:46 . 2009-07-11 16:46 4921 ----a-w- c:\windows\system32\zc5avir9995.dll
2009-07-01 01:41 . 2009-07-01 01:41 152576 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-07-01 01:19 . 2009-07-01 01:36 -------- d-----w- c:\documents and settings\Tara Brooks\.SunDownloadManager
2009-06-30 03:11 . 2009-06-30 03:11 -------- d--h--w- c:\windows\system32\GroupPolicy
2009-06-28 22:18 . 2009-06-28 22:19 -------- d-----w- C:\rsit
2009-06-28 21:06 . 2009-06-28 21:06 14 ----a-w- c:\windows\ASSE.dat
2009-06-28 17:45 . 2009-06-30 02:23 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 17:45 . 2009-06-28 17:49 -------- d-----w- c:\program files\SpywareBlaster
2009-06-28 00:58 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-28 00:58 . 2009-06-28 00:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-28 00:58 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-28 00:58 . 2009-06-28 01:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-26 16:20 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-26 16:20 . 2009-06-26 16:20 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-26 16:15 . 2009-06-26 16:15 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 16:13 . 2009-06-27 17:31 -------- d-----w- c:\program files\NOS
2009-06-26 06:03 . 2009-06-28 22:19 -------- d-----w- c:\program files\Trend Micro
2009-06-26 05:40 . 2009-06-26 05:40 -------- d-----w- c:\program files\ERUNT
2009-06-24 01:39 . 2009-06-24 01:39 34062 ----a-w- c:\documents and settings\Tara Brooks\Application Data\Move Networks\ie_bin\Uninst.exe
2009-06-23 19:16 . 2009-06-25 23:20 -------- d-----w- c:\program files\DivX
2009-06-23 18:54 . 2009-06-23 18:55 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Adobe
2009-06-17 13:04 . 2009-06-17 13:04 4370 ----a-w- c:\windows\system32\z54455p9mbot18.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 01:43 . 2006-07-19 21:23 -------- d-----w- c:\program files\Java
2009-06-28 01:22 . 2005-02-17 14:44 -------- d-----w- c:\documents and settings\Tara Brooks\Application Data\WeatherBug
2009-06-26 16:29 . 2004-08-18 21:37 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-25 23:25 . 2009-01-20 00:09 -------- d-----w- c:\program files\SmartDraw 2009
2009-06-25 23:23 . 2004-07-29 23:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-25 23:20 . 2008-11-26 06:04 -------- d-----w- c:\program files\DNA
2009-06-24 01:40 . 2007-03-24 00:31 -------- d--h--w- c:\documents and settings\Tara Brooks\Application Data\Move Networks
2009-06-16 01:48 . 2006-11-20 01:14 1915520 -c--a-w- c:\documents and settings\Tara Brooks\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-05-27 05:04 . 2006-10-22 18:25 3688 ----a-w- c:\windows\system32\d3d9caps.dat
2009-05-21 15:33 . 2008-11-26 06:28 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-07 15:32 . 2004-07-29 23:21 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 21:37 . 2007-02-02 02:37 -------- d-----w- c:\program files\McAfee
2009-04-29 04:56 . 2004-08-24 00:32 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2004-07-29 23:21 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-17 00:31 . 2009-04-17 00:31 6292 ----a-w- c:\windows\system32\z35vir21579.bin
2009-04-15 14:51 . 2004-07-29 23:22 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-14 21:33 . 2009-04-14 21:33 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.1.1.10\SetupAdmin.exe
2009-04-12 05:04 . 2009-04-12 05:04 12727 ----a-w- c:\windows\system32\z9935orm4e8.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-30_04.03.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-01 01:44 . 2009-07-01 01:44 16384 c:\windows\Temp\Perflib_Perfdata_b84.dat
+ 2004-07-29 23:21 . 2009-06-30 21:51 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-07-29 23:21 . 2009-06-30 21:51 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-11-26 06:28 . 2008-11-26 06:27 148888 c:\windows\system32\javaws.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 148888 c:\windows\system32\javaws.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 144792 c:\windows\system32\javaw.exe
- 2008-11-26 06:28 . 2008-11-26 06:27 144792 c:\windows\system32\javaw.exe
+ 2009-07-01 01:44 . 2009-05-21 15:34 144792 c:\windows\system32\java.exe
- 2008-11-26 06:28 . 2008-11-26 06:27 144792 c:\windows\system32\java.exe
+ 2004-07-29 23:21 . 2009-06-30 21:51 262144 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-07-29 23:21 . 2009-06-30 02:24 262144 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Weather"="c:\progra~1\AWS\WEATHE~1\Weather.exe" [2005-06-07 1339392]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-23 39408]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"="c:\program files\Support.com\providerComcast\desktopdoctor.exe" [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-02-03 155648]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2003-07-29 335872]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-05-28 86016]
"DVDSentry"="c:\windows\System32\DSentry.exe" [2002-07-17 28672]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-12-17 684032]
"McAfeeUpdaterUI"="c:\program files\Network Associates\Common Framework\UpdaterUI.exe" [2006-10-30 131072]
"iRiver AutoDB"="c:\program files\iRiver\Service\MLService.exe" [2004-09-10 1040384]
"iRiver Updater"="c:\program files\iRiver\Service\Updater.exe" [2004-09-07 212992]
"tgcmd"="c:\program files\Support.com\bin\tgcmd.exe" [2007-03-07 1773568]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"ATIModeChange"="Ati2mdxx.exe" - c:\windows\system32\Ati2mdxx.exe [2001-09-05 28672]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-7-29 24576]
Hawking Wireless Utility.lnk - c:\program files\Hawking\HWU8DD\HWU8DD.exe [2006-12-18 479232]
Post-itr Software Notes Lite.lnk - c:\program files\3M\PSNLite\PsnLite.exe [2004-6-2 1622016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Sebring]
2004-01-12 11:55 110592 ----a-w- c:\windows\system32\LgNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package Menu.lnk
backup=c:\windows\pss\Picture Package Menu.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Picture Package VCD Maker.lnk
backup=c:\windows\pss\Picture Package VCD Maker.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Tara Brooks\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\GameHouse\\TextTwist\\TextTwist.exe"=
"c:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Rio\\Rio Music Manager\\riomm.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R2 lowpp;Lowrance MMC Parallel Port Driver;c:\windows\system32\drivers\lowpp.sys [6/3/2007 11:20 AM 7787]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 8:26 PM 24652]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver;c:\windows\system32\drivers\BRGSp50.sys [12/18/2006 10:31 PM 20608]
S3 MLFILEM;MLFILEM;c:\windows\system32\drivers\MLFILEM.SYS [12/11/2004 1:40 AM 28160]
S3 NaiAvFilter101;NAI Anti Virus;\Device\NaiAvFilter101.sys --> \Device\NaiAvFilter101.sys [?]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking);c:\windows\system32\drivers\ZD1211U.sys [12/18/2006 10:31 PM 278016]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder

2009-06-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-06-15 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-04-01 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2007-02-02 17:32]

2009-06-30 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-22 02:18]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = hxxp://www.utk.edu/
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = actsvr.comcastonline.com:8100
uInternet Settings,ProxyOverride = cdn
IE: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-30 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(884)
c:\windows\system32\Ati2evxx.dll
c:\windows\System32\LgNotify.dll
.
Completion time: 2009-07-01 22:03
ComboFix-quarantined-files.txt 2009-07-01 02:02
ComboFix2.txt 2009-06-30 04:06

Pre-Run: 5,867,626,496 bytes free
Post-Run: 5,939,720,192 bytes free

682 --- E O F --- 2009-06-25 19:29

katana
2009-07-01, 10:44
Step 1

Custom CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


http://forums.spybot.info/showthread.php?p=320346#post320346
Comment:: Katana
Collect::[4]
c:\windows\system32\za929pyw5re487.bin
c:\windows\system32\zb799p5rse821.bin
c:\windows\system32\zc5avir9995.dll
c:\windows\system32\z54455p9mbot18.exe
c:\windows\system32\z35vir21579.bin
c:\windows\system32\z9935orm4e8.exe
ADS::
Save this as CFScript.txt and place it on your desktop.


http://i51.photobucket.com/albums/f387/Katana_1970/CFScriptb.gif


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis. Ensure you are connected to the internet and click OK on the message box.
Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

----------------------------------------------------------------------------------------
Step 2

Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to
Update Malwarebytes' Anti-Malware
and Launch Malwarebytes' Anti-Malware
then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
If requested, please reboot.
If you accidentally close it, the log file is saved here and will be named like this:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/information in your reply.
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

ComboFix Log
MalwareBytes Log
How are things running now?

sda272
2009-07-02, 06:04
It seems that ComboFix stalls out while performing the "scan". I tried rebooting and running again, and it still wouldn't work. I don't know if this would affect it or not, but my roommate, unbeknownst to me, downloaded and ran Spybot today. I uninstalled it before running ComboFix, but I wanted to make sure I disclosed it so that you may help me out. Sorry about that! She didn't realize that I didn't want anything done until I was done working with you. Now what?

katana
2009-07-02, 10:45
Curious ??

Spybot wouldn't be causing the trouble though, so no need to worry there :)

Please post a fresh RSIT log.
How are things running now?

sda272
2009-07-03, 04:33
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tara Brooks at 2009-07-02 22:29:55
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 511 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:30:24 PM, on 7/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Tara Brooks\Desktop\RSIT.exe
C:\Program Files\trend micro\Tara Brooks.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10052 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2006-10-30 131072]
"iRiver AutoDB"=C:\Program Files\iRiver\Service\MLService.exe [2004-09-10 1040384]
"iRiver Updater"=C:\Program Files\iRiver\Service\Updater.exe [2004-09-07 212992]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2005-06-07 1339392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"=C:\Program Files\Support.com\providerComcast\desktopdoctor.exe [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-30 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-12-14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2004-01-12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-07-11 12:46:13 ----A---- C:\WINDOWS\system32\zc5avir9995.dll
2009-07-01 23:43:52 ----SD---- C:\ComboFix
2009-07-01 23:43:51 ----A---- C:\WINDOWS\system32\CF25605.exe
2009-07-01 23:31:30 ----SD---- C:\SharonCF
2009-07-01 23:31:25 ----A---- C:\WINDOWS\system32\CF23165.exe
2009-07-01 23:22:41 ----SHD---- C:\RECYCLER
2009-07-01 23:22:00 ----A---- C:\WINDOWS\system32\CF21310.exe
2009-07-01 23:20:45 ----A---- C:\WINDOWS\system32\CF20337.exe
2009-07-01 23:11:32 ----A---- C:\WINDOWS\wininit.ini
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\java.exe
2009-06-29 23:42:47 ----A---- C:\Boot.bak
2009-06-29 23:42:40 ----RASHD---- C:\cmdcons
2009-06-29 23:36:55 ----A---- C:\WINDOWS\zip.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWSC.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWREG.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\sed.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\PEV.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\grep.exe
2009-06-29 23:11:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-06-29 22:52:59 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-06-29 22:52:49 ----D---- C:\Qoobox
2009-06-28 18:18:32 ----D---- C:\rsit
2009-06-28 14:00:32 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-06-28 13:45:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-28 13:45:33 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 13:28:29 ----D---- C:\WINDOWS\pss
2009-06-27 20:58:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 20:58:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 12:20:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-26 12:13:41 ----D---- C:\Program Files\NOS
2009-06-26 12:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-26 02:03:42 ----D---- C:\Program Files\Trend Micro
2009-06-26 01:40:57 ----D---- C:\WINDOWS\ERDNT
2009-06-26 01:40:22 ----D---- C:\Program Files\ERUNT
2009-06-26 01:12:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-23 15:16:38 ----D---- C:\Program Files\DivX
2009-06-17 09:04:29 ----A---- C:\WINDOWS\system32\z54455p9mbot18.exe
2009-06-11 03:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 1 months======

2009-07-02 22:29:59 ----D---- C:\WINDOWS\Temp
2009-07-02 22:29:53 ----D---- C:\WINDOWS\Prefetch
2009-07-02 07:31:56 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-07-02 01:25:27 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-01 23:45:07 ----D---- C:\WINDOWS\system32
2009-07-01 23:41:19 ----D---- C:\WINDOWS\system32\drivers
2009-07-01 23:20:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-01 23:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-01 23:12:12 ----RD---- C:\Program Files
2009-07-01 23:11:32 ----D---- C:\windows
2009-07-01 15:55:08 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\WeatherBug
2009-06-30 22:01:08 ----D---- C:\WINDOWS\system32\CatRoot2
2009-06-30 22:00:36 ----A---- C:\WINDOWS\system.ini
2009-06-30 21:56:07 ----D---- C:\WINDOWS\AppPatch
2009-06-30 21:55:51 ----D---- C:\Program Files\Common Files
2009-06-30 21:44:39 ----SHD---- C:\WINDOWS\Installer
2009-06-30 21:44:15 ----SHD---- C:\Config.Msi
2009-06-30 21:43:43 ----D---- C:\Program Files\Java
2009-06-30 00:04:44 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-06-30 00:02:42 ----SD---- C:\WINDOWS\Tasks
2009-06-29 23:48:32 ----D---- C:\WINDOWS\security
2009-06-29 23:42:47 ----RASH---- C:\boot.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\win.ini
2009-06-27 13:31:15 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-26 12:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-26 12:29:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-26 12:27:39 ----D---- C:\Program Files\Adobe
2009-06-26 12:20:10 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\Adobe
2009-06-26 12:07:33 ----D---- C:\WINDOWS\system32\FxsTmp
2009-06-26 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-06-25 19:25:39 ----D---- C:\Program Files\SmartDraw 2009
2009-06-25 19:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 19:23:29 ----HD---- C:\WINDOWS\inf
2009-06-25 19:23:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-25 19:20:19 ----D---- C:\Program Files\DNA
2009-06-23 21:40:41 ----HD---- C:\Documents and Settings\Tara Brooks\Application Data\Move Networks
2009-06-11 03:14:43 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:07:46 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:02:59 ----D---- C:\WINDOWS\ie7updates
2009-06-08 07:12:27 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-07-29 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-07-29 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 lowpp;Lowrance MMC Parallel Port Driver; \??\C:\WINDOWS\system32\Drivers\lowpp.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-07-29 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-22 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-22 175360]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MLFILEM;MLFILEM; \??\C:\WINDOWS\system32\drivers\MLFILEM.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-07-29 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2004-01-13 2482176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
R3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-07-29 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2007-03-12 16128]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-07-29 323584]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\System32\basfipm.exe [2003-04-17 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2004-01-09 122880]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2004-01-09 303171]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-10-30 98304]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

-----------------EOF-----------------

katana
2009-07-03, 11:46
Step 1


Upload a File
Download suspicious file packer from here (http://www.safer-networking.org/files/sfp.zip)

Unzip it to desktop, open it & paste in the list of files below, press next & it will create an archive (zip/cab file) on desktop

c:\windows\system32\za929pyw5re487.bin
c:\windows\system32\zb799p5rse821.bin
c:\windows\system32\zc5avir9995.dll
c:\windows\system32\z54455p9mbot18.exe
c:\windows\system32\z35vir21579.bin
c:\windows\system32\z9935orm4e8.exe
C:\WINDOWS\wininit.ini


Please open LINK >>> THIS PAGE (http://www.bleepingcomputer.com/submit-malware.php?channel=4) <<<LINK in a new window.


In the box marked Link to topic where this file was requested: please put this text

http://forums.spybot.info/showthread.php?p=320346#post320346

Click the Browse button and navigate to the Cab file that was created on your desktop
Select this file and click Open

In the Largest box please put

File Requested By Katana
Failed Submit

Finally click SendFile
You can now delete SFP (exe and Zip) along with the .cab file that was created

----------------------------------------------------------------------------------------
Step 2

Download and Run ComboFix
Please delete the copy of ComboFix that you have and download an updated copy from one of the links below
Please visit this webpage for instructions on using ComboFix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

ComboFix.exe 1 (http://subs.geekstogo.com/ComboFix.exe)
ComboFix.exe 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
ComboFix.exe 3 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log
Re-enable all the programs that were disabled during the running of ComboFix.

Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
ComboFix SHOULD NOT be used unless requested by a forum helper

----------------------------------------------------------------------------------------
Step 3

Active Scan
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal.
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Please go to this site Link >> ActiveScan (http://www.pandasecurity.com/activescan/index/) << LINK

Click the Scan Now button
Follow the prompts to install the Active X if necessary
Go and make a cup of tea/coffee/beverage of your choice and watch some TV :)
When the scan is finished, a report will be generated
Next to Scan Details click the small export to notepad button and save the report to your desktop.
Please post the report in your reply.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

Combofix Log
Active Scan Log
How are things running now?

sda272
2009-07-06, 01:37
Combofix still won't complete scan. Finished step 1. Waiting on step 3 to finish and post log.

sda272
2009-07-06, 05:41
;***********************************************************************************************************************************************************************************
ANALYSIS: 2009-07-05 23:37:47
PROTECTIONS: 1
MALWARE: 12
SUSPECTS: 4
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
McAfee VirusScan Yes Yes
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@trafficmp[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@247realmedia[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Tara Brooks\Cookies\tara_brooks@com[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@apmebf[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@adtech[1].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Tara Brooks\Cookies\tara_brooks@server.iad.liveperson[4].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@realmedia[2].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\windows\system32\config\systemprofile\Cookies\system@zedo[1].txt
00242667 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP966\A0199091.DLL
00507950 Application/MyWay HackTools No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP966\A0199093.DLL
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198116.sys
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
No C:\Qoobox\Quarantine\C\windows\system32\MSIVXgsalimudcooyeyvfoisskiialtqksuml.dll.vir
No C:\Qoobox\Quarantine\C\windows\system32\setup2.exe.vir
No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198114.dll
No C:\System Volume Information\_restore{9B539E66-D85A-41E7-ACFD-AE0F6CD9DCE9}\RP965\A0198336.exe
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

katana
2009-07-06, 12:32
OTMoveIt
Please download OTM by OldTimer (http://oldtimer.geekstogo.com/OTM.exe) and save it to your desktop

Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
:Files
c:\windows\system32\za929pyw5re487.bin
c:\windows\system32\zb799p5rse821.bin
c:\windows\system32\zc5avir9995.dll
c:\windows\system32\z54455p9mbot18.exe
c:\windows\system32\z35vir21579.bin
c:\windows\system32\z9935orm4e8.exe
C:\WINDOWS\wininit.ini
:Commands
[Purity]
[EmptyTemp]


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

OTMoveIt Log
A fresh RSIT Log
How are things running now?

sda272
2009-07-07, 03:26
All processes killed
========== PROCESSES ==========
========== FILES ==========
c:\windows\system32\za929pyw5re487.bin moved successfully.
c:\windows\system32\zb799p5rse821.bin moved successfully.
LoadLibrary failed for c:\windows\system32\zc5avir9995.dll
c:\windows\system32\zc5avir9995.dll NOT unregistered.
c:\windows\system32\zc5avir9995.dll moved successfully.
c:\windows\system32\z54455p9mbot18.exe moved successfully.
c:\windows\system32\z35vir21579.bin moved successfully.
c:\windows\system32\z9935orm4e8.exe moved successfully.
C:\WINDOWS\wininit.ini moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 49286 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Tara Brooks
->Temp folder emptied: 119946 bytes
->Temporary Internet Files folder emptied: 177905613 bytes
->Java cache emptied: 28576383 bytes
->Apple Safari cache emptied: 16909748 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 39097 bytes
%systemroot%\System32 .tmp files removed: 9127937 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_9deROyWexlNPAri scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_UrhPeYeTgUHR682 scheduled to be deleted on reboot.
Windows Temp folder emptied: 88575 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 222.06 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07062009_211523

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_9deROyWexlNPAri not found!
File C:\WINDOWS\temp\mcmsc_UrhPeYeTgUHR682 not found!

Registry entries deleted on Reboot...

sda272
2009-07-07, 03:29
Logfile of random's system information tool 1.06 (written by random/random)
Run by Tara Brooks at 2009-07-06 21:26:32
Microsoft Windows XP Professional Service Pack 3
System drive C: has 5 GB (14%) free of 38 GB
Total RAM: 511 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:27:00 PM, on 7/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\System32\basfipm.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Program Files\McAfee\VirusScan\McShield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iRiver\Service\MLService.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iRiver\Service\Updater.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Documents and Settings\Tara Brooks\Desktop\RSIT.exe
C:\Program Files\trend micro\Tara Brooks.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utk.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = actsvr.comcastonline.com:8100
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cdn
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iRiver AutoDB] C:\Program Files\iRiver\Service\MLService.exe
O4 - HKLM\..\Run: [iRiver Updater] C:\Program Files\iRiver\Service\Updater.exe
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [CheckNetworkConnection] "C:\Program Files\Support.com\providerComcast\desktopdoctor.exe" /flow /flow=diagnosenetwork /trayclick=true /haveconfirmedwiring=true /haverenewed=true /haverestartedmodem=true /onrestart=true /havehealed=true /issuenumber=61d7f0a8-9c80-46b4-8f5a-1d0f16bdccc8
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Hawking Wireless Utility.lnk = C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb029BBUS_ZCxdm481YYUS
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Broadcom ASF IP monitoring service v6.0.3 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\System32\basfipm.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\McShield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: PEVSystemStart - Unknown owner - cmd /k start /i "/dC:" "C:\SharonCF\HIDEC.exe" "C:\SharonCF\SWREG.EXE" ACL "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep" /RESET /Q (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10322 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
C:\WINDOWS\tasks\WGASetup.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan\scriptsn.dll [2007-11-09 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-04-17 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll [2009-04-23 470512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-06-15 259696]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Apoint"=C:\Program Files\Apoint\Apoint.exe [2004-02-02 155648]
"ATIModeChange"=C:\WINDOWS\system32\Ati2mdxx.exe [2001-09-04 28672]
"ATIPTA"=C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [2003-07-29 335872]
"PRONoMgr.exe"=C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe [2003-05-28 86016]
"DVDSentry"=C:\WINDOWS\System32\DSentry.exe [2002-07-17 28672]
"AdaptecDirectCD"=C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe [2002-12-17 684032]
"McAfeeUpdaterUI"=C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe [2006-10-30 131072]
"iRiver AutoDB"=C:\Program Files\iRiver\Service\MLService.exe [2004-09-10 1040384]
"iRiver Updater"=C:\Program Files\iRiver\Service\Updater.exe [2004-09-07 212992]
"tgcmd"=C:\Program Files\Support.com\bin\tgcmd.exe [2007-03-07 1773568]
"mcagent_exe"=C:\Program Files\McAfee.com\Agent\mcagent.exe [2007-11-01 582992]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=C:\PROGRA~1\AWS\WEATHE~1\Weather.exe [2005-06-07 1339392]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"CheckNetworkConnection"=C:\Program Files\Support.com\providerComcast\desktopdoctor.exe [2006-06-02 1286144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe [2007-03-09 63712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2009-04-02 342312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-22 39408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
C:\PROGRA~1\Logitech\DESKTO~1\8876480\Program\LOGITE~1.EXE [2008-12-30 67128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package Menu.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~4\SonyTray.exe [2003-11-21 151552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Picture Package VCD Maker.lnk]
C:\PROGRA~1\SONYCO~1\PICTUR~1\PICTUR~1\RESIDE~1.EXE [2004-12-14 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Tara Brooks^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Hawking Wireless Utility.lnk - C:\Program Files\Hawking\HWU8DD\HWU8DD.exe
Post-it® Software Notes Lite.lnk - C:\Program Files\3M\PSNLite\PsnLite.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2003-07-29 86016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Sebring]
C:\WINDOWS\System32\LgNotify.dll [2004-01-12 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mcmscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\Program Files\GameHouse\TextTwist\TextTwist.exe"="C:\Program Files\GameHouse\TextTwist\TextTwist.exe:*:Enabled:Super TextTwist"
"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe"="C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\Program Files\Rio\Rio Music Manager\riomm.exe"="C:\Program Files\Rio\Rio Music Manager\riomm.exe:*:Enabled:Rio Music Manager"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe"="C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

======List of files/folders created in the last 1 months======

2009-07-06 21:15:23 ----D---- C:\_OTM
2009-07-05 18:49:28 ----D---- C:\Program Files\Panda Security
2009-07-05 17:59:58 ----SD---- C:\SharonCF
2009-07-05 17:59:54 ----A---- C:\WINDOWS\system32\CF5437.exe
2009-07-05 17:38:36 ----SD---- C:\ComboFix
2009-07-05 17:38:35 ----A---- C:\WINDOWS\system32\CF1267.exe
2009-07-01 23:43:51 ----A---- C:\WINDOWS\system32\CF25605.exe
2009-07-01 23:31:25 ----A---- C:\WINDOWS\system32\CF23165.exe
2009-07-01 23:22:41 ----SHD---- C:\RECYCLER
2009-07-01 23:22:00 ----A---- C:\WINDOWS\system32\CF21310.exe
2009-07-01 23:20:45 ----A---- C:\WINDOWS\system32\CF20337.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaws.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\javaw.exe
2009-06-30 21:44:09 ----A---- C:\WINDOWS\system32\java.exe
2009-06-29 23:42:47 ----A---- C:\Boot.bak
2009-06-29 23:42:40 ----RASHD---- C:\cmdcons
2009-06-29 23:36:55 ----A---- C:\WINDOWS\zip.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWSC.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\SWREG.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\sed.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\PEV.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\NIRCMD.exe
2009-06-29 23:36:55 ----A---- C:\WINDOWS\grep.exe
2009-06-29 23:11:51 ----HD---- C:\WINDOWS\system32\GroupPolicy
2009-06-29 22:52:59 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt
2009-06-29 22:52:49 ----D---- C:\Qoobox
2009-06-28 18:18:32 ----D---- C:\rsit
2009-06-28 14:00:32 ----A---- C:\WINDOWS\system32\STKIT432.DLL
2009-06-28 13:45:43 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-06-28 13:45:33 ----D---- C:\Program Files\SpywareBlaster
2009-06-28 13:28:29 ----D---- C:\WINDOWS\pss
2009-06-27 20:58:08 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-06-27 20:58:07 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-06-26 12:20:04 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-06-26 12:13:41 ----D---- C:\Program Files\NOS
2009-06-26 12:13:41 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-06-26 02:03:42 ----D---- C:\Program Files\Trend Micro
2009-06-26 01:40:57 ----D---- C:\WINDOWS\ERDNT
2009-06-26 01:40:22 ----D---- C:\Program Files\ERUNT
2009-06-26 01:12:50 ----A---- C:\WINDOWS\ntbtlog.txt
2009-06-23 15:16:38 ----D---- C:\Program Files\DivX
2009-06-11 03:07:52 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-11 03:07:34 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-11 03:04:14 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-11 03:02:19 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

sda272
2009-07-07, 03:30
======List of files/folders modified in the last 1 months======

2009-07-06 21:26:36 ----D---- C:\WINDOWS\Temp
2009-07-06 21:22:47 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\WeatherBug
2009-07-06 21:21:45 ----D---- C:\windows
2009-07-06 21:21:43 ----A---- C:\WINDOWS\ModemLog_Conexant D480 MDC V.9x Modem.txt
2009-07-06 21:20:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-07-06 21:19:32 ----D---- C:\WINDOWS\system32
2009-07-06 21:16:39 ----D---- C:\WINDOWS\Prefetch
2009-07-05 18:55:26 ----D---- C:\WINDOWS\system32\drivers
2009-07-05 18:49:28 ----RD---- C:\Program Files
2009-07-05 18:49:27 ----HD---- C:\WINDOWS\inf
2009-07-05 18:48:30 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-05 18:48:27 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-02 13:55:00 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-01 23:27:21 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-01 23:20:28 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-30 22:00:36 ----A---- C:\WINDOWS\system.ini
2009-06-30 21:56:07 ----D---- C:\WINDOWS\AppPatch
2009-06-30 21:55:51 ----D---- C:\Program Files\Common Files
2009-06-30 21:44:39 ----SHD---- C:\WINDOWS\Installer
2009-06-30 21:44:15 ----SHD---- C:\Config.Msi
2009-06-30 21:43:43 ----D---- C:\Program Files\Java
2009-06-30 00:04:44 ----RSHD---- C:\WINDOWS\system32\DllCache
2009-06-30 00:02:42 ----SD---- C:\WINDOWS\Tasks
2009-06-29 23:48:32 ----D---- C:\WINDOWS\security
2009-06-29 23:42:47 ----RASH---- C:\boot.ini
2009-06-28 13:34:57 ----A---- C:\WINDOWS\win.ini
2009-06-26 12:30:33 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-06-26 12:29:06 ----D---- C:\Program Files\Common Files\Adobe
2009-06-26 12:27:39 ----D---- C:\Program Files\Adobe
2009-06-26 12:20:10 ----D---- C:\Documents and Settings\Tara Brooks\Application Data\Adobe
2009-06-26 08:34:38 ----D---- C:\WINDOWS\Minidump
2009-06-25 19:25:39 ----D---- C:\Program Files\SmartDraw 2009
2009-06-25 19:23:30 ----HD---- C:\Program Files\InstallShield Installation Information
2009-06-25 19:23:29 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-06-25 19:20:19 ----D---- C:\Program Files\DNA
2009-06-23 21:40:41 ----HD---- C:\Documents and Settings\Tara Brooks\Application Data\Move Networks
2009-06-11 03:14:43 ----D---- C:\Program Files\Internet Explorer
2009-06-11 03:07:46 ----A---- C:\WINDOWS\imsins.BAK
2009-06-11 03:07:19 ----HD---- C:\WINDOWS\$hf_mig$
2009-06-11 03:03:29 ----D---- C:\WINDOWS\system32\en-US
2009-06-11 03:02:59 ----D---- C:\WINDOWS\ie7updates
2009-06-08 07:12:27 ----D---- C:\WINDOWS\SoftwareDistribution

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Cdr4_xp;Cdr4_xp; C:\WINDOWS\system32\drivers\Cdr4_xp.sys [2002-12-17 61424]
R1 Cdralw2k;Cdralw2k; C:\WINDOWS\system32\drivers\Cdralw2k.sys [2002-12-17 23436]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cdudf_xp;cdudf_xp; C:\WINDOWS\system32\drivers\cdudf_xp.sys [2002-12-17 241152]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2007-11-22 201320]
R1 MPFP;MPFP; C:\WINDOWS\System32\Drivers\Mpfp.sys [2007-07-13 113952]
R1 omci;OMCI WDM Device Driver; C:\WINDOWS\System32\DRIVERS\omci.sys [2004-02-13 17153]
R1 pwd_2k;pwd_2k; C:\WINDOWS\system32\drivers\pwd_2k.sys [2004-07-29 143834]
R1 UdfReadr_xp;UdfReadr_xp; C:\WINDOWS\system32\drivers\UdfReadr_xp.sys [2004-07-29 206464]
R2 BASFND;BASFND; \??\C:\WINDOWS\System32\Drivers\BASFND.sys []
R2 lowpp;Lowrance MMC Parallel Port Driver; \??\C:\WINDOWS\system32\Drivers\lowpp.sys []
R2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.2.1.0; C:\WINDOWS\System32\DRIVERS\mdc8021x.sys [2004-07-29 14037]
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\System32\DRIVERS\mdmxsdk.sys [2008-04-13 11868]
R2 s24trans;WLAN Transport; C:\WINDOWS\System32\DRIVERS\s24trans.sys [2004-01-09 10970]
R2 zumbus;Zune Bus Enumerator Driver; C:\WINDOWS\system32\DRIVERS\zumbus.sys [2007-11-15 40832]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP; C:\WINDOWS\System32\DRIVERS\Apfiltr.sys [2003-08-22 94600]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2008-04-13 701440]
R3 b57w2k;Broadcom 570x Gigabit Integrated Controller; C:\WINDOWS\System32\DRIVERS\b57xp32.sys [2003-05-22 175360]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\System32\DRIVERS\CmBatt.sys [2008-04-14 13952]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2009-03-19 23400]
R3 HSF_DP;HSF_DP; C:\WINDOWS\System32\DRIVERS\HSF_DP.sys [2003-07-03 1063936]
R3 HSFHWICH;HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [2003-07-03 189056]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2007-11-22 79304]
R3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2007-11-22 35240]
R3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2007-12-02 40488]
R3 MLFILEM;MLFILEM; \??\C:\WINDOWS\system32\drivers\MLFILEM.SYS []
R3 mmc_2K;mmc_2K; C:\WINDOWS\system32\drivers\mmc_2K.sys [2004-07-29 30630]
R3 O2SCBUS;O2Micro SmartCardBus Reader; C:\WINDOWS\System32\DRIVERS\ozscr.sys [2002-11-08 20579]
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
R3 w70n51;Intel(R) PRO/Wireless 7100 Adapter Driver ; C:\WINDOWS\System32\DRIVERS\w70n51.sys [2004-01-13 2482176]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys [2003-07-03 631680]
S3 BRGSp50;BRGSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\BRGSp50.sys [2005-06-08 20608]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 dvd_2K;dvd_2K; C:\WINDOWS\system32\drivers\dvd_2K.sys [2004-07-29 25898]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\System32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 gv3;Intel GV3 Processor Driver; C:\WINDOWS\System32\DRIVERS\gv3.sys [2002-11-18 30976]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 HPFXBULK;HPFXBULK; C:\WINDOWS\system32\drivers\hpfxbulk.sys [2006-06-12 9344]
S3 i81x;i81x; C:\WINDOWS\System32\DRIVERS\i81xnt5.sys [2004-08-04 161020]
S3 iAimFP0;iAimFP0; C:\WINDOWS\System32\DRIVERS\wADV01nt.sys [2004-08-04 12415]
S3 iAimFP1;iAimFP1; C:\WINDOWS\System32\DRIVERS\wADV02NT.sys [2004-08-04 12127]
S3 iAimFP2;iAimFP2; C:\WINDOWS\System32\DRIVERS\wADV05NT.sys [2004-08-04 11775]
S3 iAimFP3;iAimFP3; C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys [2004-08-04 12063]
S3 iAimFP4;iAimFP4; C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys [2004-08-04 19455]
S3 iAimTV0;iAimTV0; C:\WINDOWS\System32\DRIVERS\wATV01nt.sys [2004-08-04 29311]
S3 iAimTV1;iAimTV1; C:\WINDOWS\System32\DRIVERS\wATV02NT.sys [2004-08-04 19551]
S3 iAimTV2;iAimTV2; C:\WINDOWS\System32\DRIVERS\wATV03nt.sys []
S3 iAimTV3;iAimTV3; C:\WINDOWS\System32\DRIVERS\wATV04nt.sys [2004-08-04 33599]
S3 iAimTV4;iAimTV4; C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys [2004-08-04 23615]
S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2007-11-22 33832]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
S3 RIOUNIV;Rio universal USB driver; C:\WINDOWS\System32\Drivers\RIOUNIV.sys [2007-03-12 16128]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2009-03-05 36864]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZD1211U(Hawking);Hawking Hi-Gain Wireless-G USB Dish Adapter(Hawking); C:\WINDOWS\system32\DRIVERS\zd1211u.sys [2005-08-16 278016]
S3 ZDPSp50;ZDPSp50 NDIS Protocol Driver; C:\WINDOWS\System32\Drivers\ZDPSp50.sys [2004-10-25 17664]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\agpCPQ.sys [2008-04-14 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\alim1541.sys [2008-04-14 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\System32\DRIVERS\amdagp.sys [2008-04-14 43008]
S4 cbidf;cbidf; C:\WINDOWS\System32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\sisagp.sys [2008-04-14 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\System32\DRIVERS\viaagp.sys [2008-04-14 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-03-06 132424]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\Ati2evxx.exe [2003-07-29 323584]
R2 BAsfIpM;Broadcom ASF IP monitoring service v6.0.3; C:\WINDOWS\System32\basfipm.exe [2003-04-17 77824]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 mcmscsvc;McAfee Services; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [2008-01-09 767976]
R2 McNASvc;McAfee Network Agent; c:\program files\common files\mcafee\mna\mcnasvc.exe [2008-01-25 2458128]
R2 McProxy;McAfee Proxy Service; c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe [2007-08-15 359248]
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
R2 MpfService;McAfee Personal Firewall Service; C:\Program Files\McAfee\MPF\MPFSrv.exe [2007-07-18 856864]
R2 RegSrvc;RegSrvc; C:\WINDOWS\System32\RegSrvc.exe [2004-01-09 122880]
R2 RioMSC;Rio MSC Manager; C:\WINDOWS\system32\RioMSC.exe [2004-08-26 282624]
R2 S24EventMonitor;Spectrum24 Event Monitor; C:\WINDOWS\System32\S24EvMon.exe [2004-01-09 303171]
R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R3 McSysmon;McAfee SystemGuards; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [2007-12-05 695624]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 267776]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [2006-10-30 98304]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\SharonCF\HIDEC.exe C:\SharonCF\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-06-05 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2007-10-24 70144]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-23 182768]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2009-04-02 656168]
S3 McODS;McAfee Scanner; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [2007-11-07 378184]
S3 NetSvc;Intel NCS NetService; C:\Program Files\Intel\NCS\Sync\NetSvc.exe [2003-04-29 139264]

-----------------EOF-----------------
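The driver and service listing above is the kind of output a helper reads by eye, looking for entries whose image file is missing (the empty `[]` where a date and size should be), drivers loading out of a temp directory, or "paths" that are really command lines. The following is an added triage script for that listing format; it is not part of the thread and not a component of RSIT, ComboFix or any other tool mentioned here. The sample lines are copied from the log above; the regular expression and the three finding codes are this example's own assumptions about the format.

```python
"""Triage helper for an RSIT-style driver/service listing.

Added example, not part of the thread or of RSIT itself. It parses lines of
the form "<R|S><start> name;display name; path [date size]" and flags the
entries a helper looks at first: images not found on disk, drivers loading
from a temporary directory, and entries whose "path" is really a command line.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: six lines copied from the listing above.
SAMPLE_LOG = r"""
R3 STAC97;Audio Driver (WDM) - SigmaTel CODEC; C:\WINDOWS\system32\drivers\STAC97.sys [2003-04-25 220176]
S3 bvrp_pci;bvrp_pci; C:\WINDOWS\system32\drivers\bvrp_pci.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\TARABR~1\LOCALS~1\Temp\catchme.sys []
S3 NaiAvFilter101;NAI Anti Virus; \Device\NaiAvFilter101.sys []
R2 McShield;McAfee Real-time Scanner; C:\Program Files\McAfee\VirusScan\McShield.exe [2007-07-24 144704]
S2 PEVSystemStart;PEVSystemStart; cmd /k start /i /dC: C:\SharonCF\HIDEC.exe C:\SharonCF\SWREG.EXE ACL HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_Beep /RESET /Q []
"""

# Assumed line format (matches the listing above, not an official RSIT spec).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "       # R=running/S=stopped, start type 0-4
    r"(?P<name>[^;]+);(?P<display>[^;]*); "    # service name; display name;
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]$"    # image path [date size] or []
)

# Lower-cased path fragments that mean "loaded from a temporary location".
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\appdata\\local\\temp\\")
IMAGE_EXTENSIONS = (".sys", ".exe", ".dll")


@dataclass
class Entry:
    state: str
    start: int
    name: str
    display: str
    path: str
    file_date: Optional[str]   # None when the listing shows []
    file_size: Optional[int]


@dataclass
class Finding:
    name: str
    code: str      # "no-image", "temp-path" or "command-line"
    detail: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; returns None for headers and blank lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    meta = m.group("meta").split()
    file_date = meta[0] if meta else None
    file_size = int(meta[1]) if len(meta) > 1 else None
    return Entry(m.group("state"), int(m.group("start")), m.group("name"),
                 m.group("display").strip(), m.group("path"), file_date, file_size)


def parse_listing(text: str) -> List[Entry]:
    """Parse a whole listing, silently skipping lines that are not entries."""
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e]


def triage(entries: List[Entry]) -> List[Finding]:
    """Flag the entries worth a closer look, in listing order."""
    findings: List[Finding] = []
    for e in entries:
        low = e.path.lower()
        if e.file_size is None:
            # Empty brackets: the tool recorded no date/size for the image.
            findings.append(Finding(e.name, "no-image",
                                    "no date/size recorded; image not found at " + e.path))
        if any(marker in low for marker in TEMP_MARKERS):
            findings.append(Finding(e.name, "temp-path",
                                    "driver/service image lives in a temporary directory"))
        if not low.endswith(IMAGE_EXTENSIONS):
            findings.append(Finding(e.name, "command-line",
                                    "entry is a command line, not an image path"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_listing(SAMPLE_LOG)):
        print(f"{f.name:16} {f.code:13} {f.detail}")
```

Run against the sample, it reports `bvrp_pci`, `NaiAvFilter101`, `catchme` and `PEVSystemStart`, and stays quiet about `STAC97` and `McShield`. A flag is a prompt to look, not a verdict: `catchme.sys` in Temp and the `PEVSystemStart` command line are both leftovers of the ComboFix run discussed in this thread, which is exactly why the helper's later instructions remove them.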

katana
2009-07-07, 12:06
How are things running now ?



Remove Combofix
Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.
http://i189.photobucket.com/albums/z176/EPL47/CF_Cleanup.png





Download and Run ComboFix (by sUBs)
Please visit this webpage for instructions for downloading and running ComboFix:

Bleeping Computer ComboFix Tutorial (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

You must download it to and run it from your Desktop
Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
Double click combofix.exe & follow the prompts.
When finished, it will produce a log. Please save that log to post in your next reply
Re-enable all the programs that were disabled during the running of ComboFix..


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

For instructions on how to disable your security programs, please see this topic
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs (http://www.bleepingcomputer.com/forums/topic114351.html)

sda272
2009-07-08, 02:39
When I tried to run "combofix /u" it says it can't find file.

Then:

When I tried to download ComboFix, it got to about 99% complete and then returned the error "Cannot copy ComboFix[1]:access denied. Make sure the disk is not full or write protected and that the file is not currently in use." I tried rebooting. Still same thing.

In Internet Explorer, things are much better. Things are still a little slow in general. I can now at least google something and click the link and it works.

katana
2009-07-08, 12:03
Here are two different options; if the first doesn't work, try the second.


----------------------------------------------------------------------------------------


Click START then RUN
Now type SharonCF.exe /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.



----------------------------------------------------------------------------------------


Click START then RUN
Now type c:\documents and settings\Tara Brooks\Desktop\SharonCF.exe /u in the runbox and click OK. Note the space between the X and the /U; it needs to be there.



----------------------------------------------------------------------------------------

If Combofix is uninstalled successfully, please download a fresh copy and run it.

sda272
2009-07-12, 21:32
Sorry for the slow response. I have been out of town. Neither option worked. I even "cut & paste" what you typed. No go. Anything else?

katana
2009-07-12, 22:19
Step 1


OTMoveIt

Double-click OTM.exe to run it.
Copy the lines in the codebox below. ( Make sure you include :Processes )



:Processes
explorer.exe
:Services
:Reg
:Files
C:\SharonCF
C:\WINDOWS\system32\CF5437.exe
C:\ComboFix
C:\WINDOWS\system32\CF1267.exe
C:\WINDOWS\system32\CF25605.exe
C:\WINDOWS\system32\CF23165.exe
C:\WINDOWS\system32\CF21310.exe
C:\WINDOWS\system32\CF20337.exe
C:\WINDOWS\zip.exe
C:\WINDOWS\SWXCACLS.exe
C:\WINDOWS\SWSC.exe
C:\WINDOWS\SWREG.exe
C:\WINDOWS\sed.exe
C:\WINDOWS\PEV.exe
C:\WINDOWS\NIRCMD.exe
C:\WINDOWS\grep.exe
C:\Qoobox
:Commands
[Purity]
[EmptyTemp]
[Start Explorer]


Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.


- Close ALL open windows (especially Internet Explorer!)-
Click the red Moveit! button.
Copy everything in the Results window (under the green bar), and paste it in your next reply.
Close OTM


If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


----------------------------------------------------------------------------------------
Step 2

Download and Run ComboFix

Download Combofix from the link below. Save it to your desktop.
> Link Removed <
( I have renamed the file )

Double click on CleanFix.exe & follow the prompts. When finished, it will produce a report for you. Please post the C:\ComboFix.txt
Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall

----------------------------------------------------------------------------------------
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
Some of the logs I request will be quite large; you may need to split them over a couple of replies.

OTMoveIt Log
Combofix Log
How are things running now ?

sda272
2009-07-13, 04:27
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\SharonCF\N_ moved successfully.
C:\SharonCF moved successfully.
C:\WINDOWS\system32\CF5437.exe moved successfully.
File/Folder C:\ComboFix not found.
C:\WINDOWS\system32\CF1267.exe moved successfully.
C:\WINDOWS\system32\CF25605.exe moved successfully.
C:\WINDOWS\system32\CF23165.exe moved successfully.
C:\WINDOWS\system32\CF21310.exe moved successfully.
C:\WINDOWS\system32\CF20337.exe moved successfully.
C:\WINDOWS\zip.exe moved successfully.
C:\WINDOWS\SWXCACLS.exe moved successfully.
C:\WINDOWS\SWSC.exe moved successfully.
C:\WINDOWS\SWREG.exe moved successfully.
C:\WINDOWS\sed.exe moved successfully.
C:\WINDOWS\PEV.exe moved successfully.
C:\WINDOWS\NIRCMD.exe moved successfully.
C:\WINDOWS\grep.exe moved successfully.
C:\Qoobox\TestC moved successfully.
C:\Qoobox\Test moved successfully.
C:\Qoobox\Quarantine\Registry_backups moved successfully.
C:\Qoobox\Quarantine\C\windows\Tasks moved successfully.
C:\Qoobox\Quarantine\C\windows\system32\drivers moved successfully.
C:\Qoobox\Quarantine\C\windows\system32 moved successfully.
C:\Qoobox\Quarantine\C\windows moved successfully.
C:\Qoobox\Quarantine\C\Program Files\Adware Professional moved successfully.
C:\Qoobox\Quarantine\C\Program Files moved successfully.
C:\Qoobox\Quarantine\C moved successfully.
C:\Qoobox\Quarantine moved successfully.
C:\Qoobox\LastRun moved successfully.
C:\Qoobox\BackEnv moved successfully.
C:\Qoobox moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Tara Brooks
->Temp folder emptied: 788057 bytes
->Temporary Internet Files folder emptied: 263445586 bytes
->Java cache emptied: 13425503 bytes
->Apple Safari cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
C:\WINDOWS\59224777298D4E9C9AEB4A91BDA01B27.TMP folder deleted successfully.
%systemroot% .tmp files removed: 61457 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\mcmsc_dE7z2fToFo5AvCW scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\mcmsc_PnNgChw5bsYgSce scheduled to be deleted on reboot.
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 8735 bytes

Total Files Cleaned = 264.90 mb


OTM by OldTimer - Version 3.0.0.4 log created on 07122009_221442

Files moved on Reboot...
File C:\WINDOWS\temp\mcmsc_dE7z2fToFo5AvCW not found!
File C:\WINDOWS\temp\mcmsc_PnNgChw5bsYgSce not found!

Registry entries deleted on Reboot...

sda272
2009-07-13, 05:29
ComboFix still won't complete the file scan. Also, I have gotten that "link problem" in internet explorer a couple of times today (but not consistently). Otherwise, things are running ok except a little slow.

katana
2009-07-13, 21:53
Also, I have gotten that "link problem" in internet explorer a couple of times today (but not consistently).

That could be just connection problems on the internet.

Are there any other problems ? ( apart from being slow )

sda272
2009-07-14, 21:35
Other than being slow, there don't seem to be any other problems.

katana
2009-07-14, 23:49
There is no sign of infection now, so I can only suspect that your problems are software or hardware related.


Congratulations your logs look clean :)

Let's see if I can help you keep it that way

First let's tidy up

Please delete RSIT.exe and C:\RSIT (entire folder)
You can also delete any logs we have produced, and empty your Recycle bin.


Uninstall OTMoveIt (OTM.exe)
Open OTMoveIt Click Cleanup,
When a box pops up click YES.
----------------------------------------------------------------------------------------

The following is some info to help you stay safe and clean.


You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you; see HERE (http://secunia.com/software_inspector/) for details

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users ) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must-have program. It includes host protection and registry protection. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
MalwareBytes Anti-malware (http://www.malwarebytes.org/mbam.php) <<< A new and effective program
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
SUPERAntiSpyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some!! Notifies you if programs are added to startup. Allows delayed startup. A must-have addition.
SpywareBlaster 4.0 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/index.php?option=com_content&view=article&id=15&Itemid=33) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE7 a more secure browser; unfortunately, whilst it is still the leading browser of choice, it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy, this is a very popular choice. The NoScript and AdBlockPlus addons are essential.
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative. Also has addons available.

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/index.php?option=com_content&task=view&id=25&Itemid=25) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
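The Internet Explorer zone settings recommended in the post above are stored per user in the registry, so they can be audited rather than re-clicked through the dialog. The script below is an added example, not part of katana's post or of any tool named in this thread. It assumes the Internet zone lives under `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, that the six dialog items map to the URL-action value names `1001`, `1004`, `1201`, `1607`, `1800` and `1804`, and that the stored values mean 0 = Enable, 1 = Prompt, 3 = Disable; these are the identifiers Microsoft documents for IE security zones, but verify the mapping against your own IE version before relying on it. The sample zone values are constructed, not real defaults.

```python
"""Audit Internet Explorer's Internet zone against the settings recommended above.

Added example, not from the thread. The URL-action value names and the
0=Enable / 1=Prompt / 3=Disable encoding are assumptions taken from
Microsoft's documentation of IE security zones. Reading the live registry
works only on Windows; the audit logic itself runs anywhere.
"""
from typing import Dict, List, Tuple

ENABLE, PROMPT, DISABLE = 0, 1, 3
LEVEL_NAME = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# Per-user key for the Internet zone (zone 3). Assumed path, standard on XP/IE7.
INTERNET_ZONE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

# Registry value name -> (label as shown in the IE dialog, setting recommended in the post).
RECOMMENDED: Dict[str, Tuple[str, int]] = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Strictness order: Disable is stricter than Prompt, which is stricter than Enable.
STRICTNESS = {ENABLE: 0, PROMPT: 1, DISABLE: 2}


def read_internet_zone() -> Dict[str, int]:
    """Read the current user's Internet zone values (Windows only)."""
    import winreg  # only available on Windows
    values: Dict[str, int] = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_ZONE_KEY) as key:
        for action in RECOMMENDED:
            try:
                data, _kind = winreg.QueryValueEx(key, action)
                values[action] = int(data)
            except FileNotFoundError:
                pass  # value absent: audit_zone reports it as "missing"
    return values


def audit_zone(values: Dict[str, int]) -> List[Tuple[str, str, str, str]]:
    """Return (value name, label, current, recommended) for every setting that
    is missing or weaker than recommended. A stricter setting is not reported."""
    findings: List[Tuple[str, str, str, str]] = []
    for action, (label, wanted) in RECOMMENDED.items():
        current = values.get(action)
        if current is None:
            findings.append((action, label, "missing", LEVEL_NAME[wanted]))
        elif STRICTNESS.get(current, -1) < STRICTNESS[wanted]:
            # Unknown encodings (anything but 0/1/3) are treated as weak and shown raw.
            findings.append((action, label, LEVEL_NAME.get(current, str(current)),
                             LEVEL_NAME[wanted]))
    return findings


# Constructed sample of a weakly configured zone (not IE's real defaults).
SAMPLE_WEAK_ZONE = {"1001": ENABLE, "1004": DISABLE, "1201": DISABLE,
                    "1800": PROMPT, "1804": ENABLE, "1607": ENABLE}

if __name__ == "__main__":
    try:
        current_zone = read_internet_zone()
    except ImportError:
        current_zone = SAMPLE_WEAK_ZONE  # not on Windows: audit the constructed sample
    for action, label, now, wanted in audit_zone(current_zone):
        print(f"{action} {label}: is {now}, recommended {wanted}")
```

On the constructed sample this reports the three items set to Enable (signed ActiveX downloads, IFRAME launches and cross-domain sub-frames); a zone where everything is set to Disable produces no findings, because the audit only complains about settings looser than the post recommends.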

sda272
2009-07-18, 02:59
Thank you so much for helping me get back on track! I can say enough great things about this site. Seems like all is well on this end.