View Full Version : Similar Problem again !!!
I have somehow picked a what i suspect to be malware...and i am not sure where i got it from...however i suspect it was from a spam mail....anyway here is my HJT.LOG
And my windows security centre is messed up.
please help.
Logfile of HijackThis v1.99.1
Scan saved at 19:44:26, on 2006-12-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\Program\Microsoft Office\OFFICE11\WINWORD.EXE
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\ibgiyhbp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A8CDAA73-A22A-4292-B874-752326C25DBF} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O2 - BHO: (no name) - {EBB43D15-C602-4AFB-9BF8-B29727479A84} - C:\WINDOWS\system32\mlljk.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program\Delade filer\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_i.dll
O20 - Winlogon Notify: efcdbby - C:\WINDOWS\SYSTEM32\efcdbby.dll
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmh32 - windmh32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: Microsoft authenticate service (MsaSvc) - Unknown owner - C:\WINDOWS\system32\msasvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Angelfire777
2006-12-22, 09:40
Hi, welcome to Spybot Forum!
*Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your Desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
*Download SDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.
Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log
On your next reply, please include a fresh HijackThis log, SDfix log and the vundofix log.
SDFix: Version 1.51
****************
2006-12-22 - 14:03:45,52
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Stage One - Safe Mode
Checking Services...
Service Name:
MsaSvc
File Path:
C:\WINDOWS\system32\msasvc.exe
MsaSvc Deleted...
Starting Registry Repairs...
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking For Malware:
--------------------
C:\WINDOWS\system32\msasvc.exe
C:\WINDOWS\Temp\win1.tmp
C:\WINDOWS\Temp\win10.tmp
C:\WINDOWS\Temp\win11.tmp
C:\WINDOWS\Temp\win12.tmp
C:\WINDOWS\Temp\win13.tmp
C:\WINDOWS\Temp\win14.tmp
C:\WINDOWS\Temp\win15.tmp
C:\WINDOWS\Temp\win16.tmp
C:\WINDOWS\Temp\win17.tmp
C:\WINDOWS\Temp\win18.tmp
C:\WINDOWS\Temp\win19.tmp
C:\WINDOWS\Temp\win1A.tmp
C:\WINDOWS\Temp\win1B.tmp
C:\WINDOWS\Temp\win1C.tmp
C:\WINDOWS\Temp\win1D.tmp
C:\WINDOWS\Temp\win1E.tmp
C:\WINDOWS\Temp\win1F.tmp
C:\WINDOWS\Temp\win2.tmp
C:\WINDOWS\Temp\win20.tmp
C:\WINDOWS\Temp\win21.tmp
C:\WINDOWS\Temp\win22.tmp
C:\WINDOWS\Temp\win23.tmp
C:\WINDOWS\Temp\win24.tmp
C:\WINDOWS\Temp\win25.tmp
C:\WINDOWS\Temp\win26.tmp
C:\WINDOWS\Temp\win27.tmp
C:\WINDOWS\Temp\win28.tmp
C:\WINDOWS\Temp\win29.tmp
C:\WINDOWS\Temp\win2A.tmp
C:\WINDOWS\Temp\win2B.tmp
C:\WINDOWS\Temp\win2C.tmp
C:\WINDOWS\Temp\win2D.tmp
C:\WINDOWS\Temp\win2E.tmp
C:\WINDOWS\Temp\win2F.tmp
C:\WINDOWS\Temp\win3.tmp
C:\WINDOWS\Temp\win30.tmp
C:\WINDOWS\Temp\win31.tmp
C:\WINDOWS\Temp\win32.tmp
C:\WINDOWS\Temp\win33.tmp
C:\WINDOWS\Temp\win34.tmp
C:\WINDOWS\Temp\win35.tmp
C:\WINDOWS\Temp\win36.tmp
C:\WINDOWS\Temp\win37.tmp
C:\WINDOWS\Temp\win38.tmp
C:\WINDOWS\Temp\win39.tmp
C:\WINDOWS\Temp\win3A.tmp
C:\WINDOWS\Temp\win3B.tmp
C:\WINDOWS\Temp\win3C.tmp
C:\WINDOWS\Temp\win3D.tmp
C:\WINDOWS\Temp\win3F.tmp
C:\WINDOWS\Temp\win4.tmp
C:\WINDOWS\Temp\win40.tmp
C:\WINDOWS\Temp\win41.tmp
C:\WINDOWS\Temp\win42.tmp
C:\WINDOWS\Temp\win43.tmp
C:\WINDOWS\Temp\win5.tmp
C:\WINDOWS\Temp\win6.tmp
C:\WINDOWS\Temp\win7.tmp
C:\WINDOWS\Temp\win8.tmp
C:\WINDOWS\Temp\win9.tmp
C:\WINDOWS\Temp\winA.tmp
C:\WINDOWS\Temp\winB.tmp
C:\WINDOWS\Temp\winC.tmp
C:\WINDOWS\Temp\winD.tmp
C:\WINDOWS\Temp\winE.tmp
C:\WINDOWS\Temp\winF.tmp
C:\WINDOWS\Temp\winFC.tmp
C:\WINDOWS\Temp\winFD.tmp
C:\WINDOWS\Temp\winFE.tmp
C:\WINDOWS\Temp\winFF.tmp
Backing Up and Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Services:
---------
Rootkit PE386 Found!. Rootkit scan Needed...
Authorized Applications Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
Files:
------
Backups Folder: - C:\SDFix\backups\backups.zip
Checking for files with Hidden Attributes:
C:\WINDOWS\SYSTEM32\awvst.dll
C:\WINDOWS\SYSTEM32\efcdbby.dll
C:\WINDOWS\SYSTEM32\nnlml.dll
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\SYSTEM32\cdplayer.exe.manifest
C:\WINDOWS\SYSTEM32\logonui.exe.manifest
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\Program Files\InterActual\InterActual Player\iti2A.tmp
C:\WINDOWS\Temp\$_2341235.TMP
FINISHED!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 13:43:38 2006-12-01
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljgf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\SYSTEM32\fgjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 14:03:14 2006-12-01
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 01:22:02 2006-12-19
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\windmh32.dll
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 15:20:20 2006-12-19
Listing files found while scanning....
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 12:55:15 2006-12-22
Listing files found while scanning....
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!
Performing Repairs to the registry.
Done!
Logfile of HijackThis v1.99.1
Scan saved at 14:31:32, on 2006-12-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\ibgiyhbp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5B034173-5390-4C1A-811E-531CC979B131} - C:\WINDOWS\system32\awvst.dll
O2 - BHO: (no name) - {7FA8828D-AE3F-485F-BDC0-2333C6163E0A} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A8CDAA73-A22A-4292-B874-752326C25DBF} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_i.dll
O20 - Winlogon Notify: awvst - C:\WINDOWS\system32\awvst.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmh32 - windmh32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Angelfire777
2006-12-22, 16:48
Configure your machine to view hidden files:
Windows XP
Click Start.
Open My Computer..
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the "Hidden files and folders" heading select Show hidden files and folders.
Uncheck the Hide Protected Operating System Files Option.
Click Yes to confirm.
Click OK.
I want you to please submit some files HERE (http://uploadmalware.com/) for experts to take a look at..
Fill in the information needed in the appropriate boxes..
Under "Topic Where File Was Requested:" copy and paste this: http://forums.spybot.info/showthread.php?p=59414#post59414
Under the "files to submit," on the first box, click browse then navigate to this file: C:\WINDOWS\system32\awvst.dll
Hit open.
Finally, click the "Send file" button on the bottom part of the page.
___________________________
*Download
http://www.uploads.ejvindh.net/rustbfix.exe
...and save it to your desktop.
Double click on rustbfix.exe to run the tool. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). Post the content of these logfiles along with a new HijackThis log.
*Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once the scan is complete, Right Click inside the listbox (white box) and click add more files.
Copy&Paste the 2 entries below into the top 2 boxes.
C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\SYSTEM32\tsvwa.*
Click Add Files and click Close Window.
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
*Run AVG Anti-Spyware
From the main AVG Anti-Spyware screen, click on Update, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Exit AVG Anti-Spyware. DO NOT scan yet.
*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\ibgiyhbp.dll
O2 - BHO: (no name) - {5B034173-5390-4C1A-811E-531CC979B131} - C:\WINDOWS\system32\awvst.dll
O2 - BHO: (no name) - {7FA8828D-AE3F-485F-BDC0-2333C6163E0A} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: (no name) - {A8CDAA73-A22A-4292-B874-752326C25DBF} - C:\WINDOWS\system32\jkkji.dll (file missing)
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_i.dll
O20 - Winlogon Notify: awvst - C:\WINDOWS\system32\awvst.dll
O20 - Winlogon Notify: windmh32 - windmh32.dll (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
Close your browsers and all open windows except for HijackThis, then click "Fix checked".
*Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type delservices.bat in the File name and save it to your desktop.
@echo off
sc stop "COM+ Messages"
sc delete "COM+ Messages"
Do not use it yet!!
*You may want to print these instructions here or save them in notepad since you'll work offline.
Reboot into Safe Mode.
To enter Safe Mode..
Click Start > Turn Off Computer > Restart > Tap F8 key just before Windows starts to load, > This will bring up a Menu > Use your keyboard to scroll to Safe Mode> Hit enter.
*Locate delservices.bat on your Desktop and double-click on it.
*Using Windows Explorer, find and delete these files:
C:\WINDOWS\system32\ibgiyhbp.dll
C:\WINDOWS\Downloaded Program Files\fcplugin.dll
C:\WINDOWS\system32\win_i.dll
C:\WINDOWS\system32\windmh32.dll
C:\WINDOWS\SYSTEM32\efcdbby.dll
C:\WINDOWS\SYSTEM32\nnlml.dll
C:\WINDOWS\system32\svchosts.exe <<Important!: There is a legit file called svchost.exe present in the same folder as the infected file. The infected file that we want to delete is svchosts.exe , please be careful in deleting the file.
Empty your recycle bin.
*Please run AVG AntiSpyware, and run a full scan as follow:
IMPORTANT: Do not open any other windows or programs while AVG AntiSpyware is scanning, it may interfere with the scanning process.
Launch AVG AntiSpyware by double-clicking the icon on your desktop.
Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
AVG AntiSpyware will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
If you have any infections you will prompted, then select "Apply all actions"
Next select the "Reports" icon at the top.
Select the "Save Report As" button in the lower left hand of the screen and save it to a text file on your system. (Make sure to remember where you saved that file, this is important).
Close AVG AntiSpyware.
Reboot to normal mode.
*On your next reply, please post the contents of C:\avenger.txt & C:\rustbfix\pelog.txt , C:\vundofix.txt , AVG Antispyware log, and a fresh HijackThis log.
Angelfire 777, i only had one log produced from the rustbfix...avenger txt...
should i continue on with the remaining actions...?
I have submitted the file to uploadmalware....
here is a copy of the avenger txt and hjt log at present....
(i have not proceeded beyond the rustbfix directions you issued as only one log was generated.)
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\irmhbyit
*******************
Script file located at: \??\C:\Documents and Settings\mvcljtim.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver PE386 unloaded successfully.
Logfile of HijackThis v1.99.1
Scan saved at 16:32:13, on 2006-12-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3FD6B99C-A275-46ea-8FD1-3D63986E51E4} - C:\WINDOWS\system32\ibgiyhbp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EE6436B-00BB-4229-8D92-C12654C5B342} - C:\WINDOWS\system32\awvst.dll
O2 - BHO: (no name) - {7FA8828D-AE3F-485F-BDC0-2333C6163E0A} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {A8CDAA73-A22A-4292-B874-752326C25DBF} - C:\WINDOWS\system32\jkkji.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: fcp - {B3133379-8789-4D3C-9593-C205D7297501} - C:\WINDOWS\Downloaded Program Files\fcplugin.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\win_i.dll
O20 - Winlogon Notify: awvst - C:\WINDOWS\system32\awvst.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: windmh32 - windmh32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM+ Messages - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000272 (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Angelfire777
2006-12-23, 06:11
Try running the rustbfix one more time then proceed with the next instructions.
Being a typical guy i was inpatient so i proceeded with the the other actions, I PROMISE I WONT DO IT AGAIN.
Ok logs from everything...
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:12:11 2006-12-22
+ Scan result:
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP519\A0357102.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP519\A0357103.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP519\A0357001.exe -> Downloader.Small.crd : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP519\A0357045.exe -> Downloader.Small.crd : Cleaned.
C:\Documents and Settings\Ägaren\Cookies\ägaren@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Ägaren\Cookies\ägaren@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Ägaren\Cookies\ägaren@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Ägaren\Cookies\ägaren@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Ägaren\Cookies\ägaren@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned.
C:\WINDOWS\SYSTEM32:lzx32.sys -> Trojan.Rustock.nay : Cleaned.
C:\xfwmjm.exe -> Trojan.Rustock.nay : Cleaned.
C:\System Volume Information\_restore{96B7963F-6FFF-4BD4-9444-33F92F55D17C}\RP522\A0357326.dll -> Trojan.Sinowal.br : Cleaned.
::Report end
Logfile of HijackThis v1.99.1
Scan saved at 17:04:22, on 2006-12-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\svchost.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\Program\Internet Explorer\iexplore.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6EE6436B-00BB-4229-8D92-C12654C5B342} - C:\WINDOWS\system32\awvst.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program\Delade filer\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
************************* Rustock.b-fix -- By ejvindh *************************
2006-12-22 16:10:45,21
******************* Pre-run Status of system *******************
Rootkit driver PE386 is found. Starting the unload-procedure....
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\irmhbyit
*******************
Script file located at: \??\C:\Documents and Settings\mvcljtim.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 13:43:38 2006-12-01
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\system32\fgjlm.ini
C:\WINDOWS\system32\fgjlm.bak1
C:\WINDOWS\system32\fgjlm.bak2
C:\WINDOWS\system32\fgjlm.ini2
C:\WINDOWS\system32\fgjlm.tmp
Beginning removal...
Attempting to delete C:\WINDOWS\SYSTEM32\mljgf.dll
C:\WINDOWS\SYSTEM32\mljgf.dll Could not be deleted.
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini
C:\WINDOWS\SYSTEM32\fgjlm.ini Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak1
C:\WINDOWS\SYSTEM32\fgjlm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.bak2
C:\WINDOWS\SYSTEM32\fgjlm.bak2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.ini2
C:\WINDOWS\SYSTEM32\fgjlm.ini2 Has been deleted!
Attempting to delete C:\WINDOWS\SYSTEM32\fgjlm.tmp
C:\WINDOWS\SYSTEM32\fgjlm.tmp Has been deleted!
Attempting to delete C:\WINDOWS\system32\mljgf.dll
C:\WINDOWS\system32\mljgf.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 14:03:14 2006-12-01
Listing files found while scanning....
No infected files were found.
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 01:22:02 2006-12-19
Listing files found while scanning....
C:\WINDOWS\SYSTEM32\windmh32.dll
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 15:20:20 2006-12-19
Listing files found while scanning....
C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.bak1
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.bak1
C:\WINDOWS\system32\ijkkj.bak1 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\jkkji.dll
C:\WINDOWS\system32\jkkji.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\ijkkj.ini
C:\WINDOWS\system32\ijkkj.ini Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 12:55:15 2006-12-22
Listing files found while scanning....
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Could not be deleted.
Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!
Attempting to delete C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
Beginning removal...
Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 20:13:55 2006-12-22
Listing files found while scanning....
C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.bak2
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awvst.dll
C:\WINDOWS\system32\awvst.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tsvwa.ini
C:\WINDOWS\system32\tsvwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\tsvwa.bak2
C:\WINDOWS\system32\tsvwa.bak2 Has been deleted!
Performing Repairs to the registry.
Done!
VundoFix V6.2.13
Checking Java version...
Sun Java not detected
Scan started at 17:05:52 2006-12-23
Listing files found while scanning....
Angelfire777
2006-12-24, 02:39
By the way, while searching I found your previous thread with Shaba
http://forums.spybot.info/showthread.php?t=9353
Any reason why you left him?
*Did you have any Norton Antivirus products in your machine before? If so, please run this tool HERE (http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/pfdocs/2005033108162039) to remove all leftovers of the Norton products.
*Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
O2 - BHO: (no name) - {6EE6436B-00BB-4229-8D92-C12654C5B342} - C:\WINDOWS\system32\awvst.dll (file missing)
O16 - DPF: {9C196458-4145-46AF-8A77-1506878DFECA} (FirstClass® Control) - http://www.zonline.se/ClientDownloads/fcplugin.cab
Close your browsers and all open windows except for HijackThis, then click "Fix checked".
*Download Gmer from here:
http://gmer.thespykiller.co.uk/gmer.zip
Disconnect from internet and close running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double click gmer.exe
Let the gmer.sys driver load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run scan...say Ok.
If no warning....
Click "Rootkit" tab and click "Scan"
Once done, click "Copy"
Open Notepad and hit "ctrl+v" to paste the log.
Reconnect to the internet and post the log back to this thread please.
On your next reply, please include a fresh HijackThis log, gmer log and a description on how your machine is running.
Yes i had nortons before, but i got rid of it, it was actually during that phase that i seemed to get all these viruses...my fault.
Yes Shaba was my previous handler and i have nothing against him/her, it ended, i lost the thread so to speak, as i was away for a while with work....
So thought i would start over...anyway....
Logfile of HijackThis v1.99.1
Scan saved at 04:19:30, on 2006-12-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program\Grisoft\AVG Free\avgcc.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
i cant seem to be able to post the gmer log...seems that when i try the ie slows right down then it fails to find the website....did that make any sense?
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2006-12-24 03:45:26
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateProcessEx
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateSection
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwSetInformationFile
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \SystemRoot\System32\vsdatant.sys ZwTerminateProcess
---- Kernel code sections - GMER 1.0.12 ----
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 3C, EA, F8, E0, 9E, EA, ... ]
.text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [ 60, 3C, EA, F8, E0, 9E, EA, ... ]
---- User code sections - GMER 1.0.12 ----
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NlsMbOemCodePageTag + FFF84FE8 7C901000 140 Bytes [ AF, 69, FF, FF, 83, C4, 0C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlEnterCriticalSection + 88 7C90108D 74 Bytes [ 83, C4, 0C, 85, F6, 75, 2C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlEnterCriticalSection + D3 7C9010D8 77 Bytes CALL 7C8F7AB3 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlLeaveCriticalSection + 3B 7C901128 85 Bytes [ 4E, 65, 74, 70, 56, 61, 6C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrInitializeThunk 7C90117E 62 Bytes [ 90, 90, 4E, 65, 74, 70, 43, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextUnsafeFast + 8 7C9011BD 74 Bytes [ 20, 30, 78, 25, 6C, 78, 0A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + E 7C901208 7 Bytes [ 42, 00, 55, 00, 49, 00, 4C ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeactivateActivationContextUnsafeFast + 16 7C901210 64 Bytes [ 54, 00, 49, 00, 4E, 00, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCurrentTeb + 1 7C901251 8 Bytes [ 20, 30, 78, 25, 6C, 78, 0A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitString 7C90125C 134 Bytes [ 90, 90, 90, 90, 4E, 65, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitUnicodeString + D 7C9012E3 226 Bytes [ 90, 4E, 65, 74, 70, 56, 61, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!log 7C9013CA 89 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIlog + 51 7C901424 3 Bytes [ 00, 04, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIlog + 55 7C901428 10 Bytes [ 85, F0, FD, FF, FF, 8B, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIlog + 60 7C901433 1 Byte [ 08 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIlog + 62 7C901435 15 Bytes [ 68, 84, D4, 96, 60, 89, B5, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIlog + 73 7C901446 41 Bytes [ 89, B5, BC, FD, FF, FF, 89, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIpow + 13 7C9014CA 2 Bytes [ 8A, 07 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIpow + 16 7C9014CD 73 Bytes [ C7, 02, 88, 85, D0, FD, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIpow + 60 7C901517 28 Bytes [ 8D, 85, AC, FD, FF, FF, 50, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIpow + 7D 7C901534 43 Bytes [ FD, FF, FF, FF, 73, 04, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_CIpow + A9 7C901560 102 Bytes [ 04, 89, 85, C8, FD, FF, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sin + 39 7C901718 34 Bytes [ 85, BC, FD, FF, FF, 50, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sin + 5C 7C90173B 55 Bytes [ B8, FD, FF, FF, 89, 43, 0C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sin + 94 7C901773 63 Bytes CALL 7C8FAE35
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sqrt + 21 7C9017B3 19 Bytes [ 50, FF, B5, E0, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sqrt + 35 7C9017C7 49 Bytes [ F8, FD, FF, FF, 89, 43, 10, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!sqrt + 68 7C9017FA 287 Bytes CALL 7C8FC0BE
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_alldvrm + 2E 7C90191A 618 Bytes [ F0, 56, 68, 2C, D3, 96, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_aulldiv + 39 7C901B85 46 Bytes [ 85, F6, 75, 07, 83, 8D, F4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_aulldiv + 68 7C901BB4 6 Bytes [ 75, 04, 85, F6, 75, 37 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_aulldvrm + 2 7C901BBB 231 Bytes [ 85, CC, FD, FF, FF, 6A, 01, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_aullrem + 50 7C901CA3 66 Bytes [ BB, 00, 00, 20, 00, 74, 27, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_aullshr + 19 7C901CE6 239 Bytes [ 57, 9D, FF, FF, 83, BD, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!atan + 61 7C901DD6 174 Bytes [ B5, B8, FD, FF, FF, E8, A9, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!ceil + 67 7C901E85 195 Bytes [ FF, B5, E4, FD, FF, FF, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!ceil + 12B 7C901F49 47 Bytes [ 90, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!floor + 1C 7C901F79 157 Bytes [ 72, 65, 6D, 6F, 76, 69, 6E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!floor + BA 7C902017 89 Bytes [ 90, 4E, 65, 74, 70, 41, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!floor + 114 7C902071 77 Bytes [ 90, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memchr + 1A 7C9020BF 142 Bytes [ 70, 41, 70, 70, 6C, 79, 4A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memcmp 7C90214F 113 Bytes [ 90, 4E, 65, 74, 70, 41, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memcmp + 72 7C9021C1 99 Bytes [ 73, 20, 6F, 66, 20, 73, 65, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memcpy + 25 7C902225 605 Bytes [ 90, 90, 90, 4E, 65, 74, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memcpy + 283 7C902483 275 Bytes [ 90, 4E, 65, 74, 70, 41, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memmove + 5D 7C902597 100 Bytes CALL 7C8DC74E C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memmove + C2 7C9025FC 282 Bytes [ 90, 90, 90, 90, 4E, 65, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memmove + 1DD 7C902717 167 Bytes [ 61, 64, 69, 6E, 67, 20, 6A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memmove + 285 7C9027BF 116 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!memmove + 2FA 7C902834 39 Bytes [ 5D, C2, 08, 00, 4E, 65, 74, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strcpy + 1 7C9028D8 86 Bytes [ 89, 85, C0, FD, FF, FF, 66, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strcat + 43 7C90292F 37 Bytes [ 88, 9D, D9, FD, FF, FF, 89, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strcat + 6B 7C902957 74 Bytes [ 66, AB, 89, 9D, EC, FD, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strcat + B6 7C9029A2 83 Bytes [ B5, F0, FD, FF, FF, E8, 63, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strcmp + 25 7C9029F6 208 Bytes [ B9, 4F, FF, FF, FF, 75, 1C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strlen + 2A 7C902AC7 69 Bytes [ 57, 8D, 85, D0, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strlen + 70 7C902B0D 350 Bytes [ 85, F4, FD, FF, FF, 50, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strncmp + 29 7C902C6C 30 Bytes [ FF, 68, C4, F1, 96, 60, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strncpy + B 7C902C8B 172 Bytes [ 53, FF, B5, CC, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strncpy + B8 7C902D38 19 Bytes CALL 7C8DC750 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strncpy + CD 7C902D4D 59 Bytes [ 00, 80, 53, 53, FF, B5, CC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strpbrk + 6 7C902D89 26 Bytes [ 8B, 85, EC, FD, FF, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strpbrk + 21 7C902DA4 144 Bytes [ 8D, EC, FD, FF, FF, 83, C4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strspn + 48 7C902E35 3 Bytes JMP 7C903739 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strspn + 4D 7C902E3A 108 Bytes [ A9, 00, 00, 00, 40, 75, 05, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!tan + 69 7C902EA7 97 Bytes JMP 7C90373A C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!tan + CB 7C902F09 57 Bytes [ B5, 74, FD, FF, FF, 3B, F3, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!tan + 105 7C902F43 512 Bytes [ 00, 8D, B5, F8, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlZeroMemory + 29 7C903144 118 Bytes [ 39, 9D, B0, FD, FF, FF, 0F, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMoveMemory + 6A 7C9031BB 116 Bytes [ FF, B5, 9C, FD, FF, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMoveMemory + DF 7C903230 60 Bytes [ FF, FF, 83, FF, 57, 59, 59, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMoveMemory + 11C 7C90326D 207 Bytes [ 85, F8, 02, 00, 00, 8D, 85, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMoveMemory + 1EC 7C90333D 48 Bytes [ 85, 28, 02, 00, 00, 39, 9D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMoveMemory + 21D 7C90336E 38 Bytes [ 85, B8, FD, FF, FF, 3B, C3, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExtendedLargeIntegerDivide + 24 7C903549 56 Bytes [ 56, FF, B5, 6C, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExtendedLargeIntegerDivide + 5D 7C903582 124 Bytes [ FF, 8B, 40, 04, 83, F8, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExtendedMagicDivide + 78 7C9035FF 62 Bytes CALL 7C8F79B1 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExtendedIntegerMultiply + 23 7C903640 53 Bytes [ F6, 45, 1C, 02, 0F, 84, A0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExtendedIntegerMultiply + 59 7C903676 252 Bytes [ FF, FF, B5, B4, FD, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertUlongToLargeInteger + 2E 7C903773 32 Bytes [ 39, 9D, A8, FD, FF, FF, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertUlongToLargeInteger + 4F 7C903794 13 Bytes CALL 7C8E2305 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertUlongToLargeInteger + 5D 7C9037A2 15 Bytes [ B5, 8C, FD, FF, FF, E8, 59, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertUlongToLargeInteger + 6D 7C9037B2 229 Bytes [ 74, 56, 8D, 85, D0, FD, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCaptureContext + 53 7C903898 58 Bytes [ 4E, 65, 74, 70, 4A, 6F, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCaptureContext + 8E 7C9038D3 60 Bytes [ 90, 4E, 65, 74, 70, 4A, 6F, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCaptureContext + CB 7C903910 137 Bytes [ 4E, 65, 74, 70, 4A, 6F, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCaptureContext + 15E3 7C904E28 2 Bytes JMP 7C904EE4 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCaptureContext + 15E7 7C904E2C 18 Bytes [ 00, 40, 89, 46, 04, 8D, 45, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAccessCheckAndAuditAlarm + 3 7C90D3A6 55 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAccessCheckByTypeResultList 7C90D3E2 31 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAccessCheckByTypeResultListAndAuditAlarm + B 7C90D402 37 Bytes [ D6, 8D, 45, F8, 50, 8D, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAddAtom + 7 7C90D428 49 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAdjustGroupsToken + F 7C90D45A 79 Bytes [ 00, 00, 53, 8B, 5D, 0C, 3B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAllocateLocallyUniqueId + B 7C90D4AA 3 Bytes [ 83, 7D, F0 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtAllocateLocallyUniqueId + F 7C90D4AE 125 Bytes [ 5B, 74, 08, FF, 75, F0, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCallbackReturn + F 7C90D52C 9 Bytes [ 00, 8D, 45, F8, 50, 68, 19, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCancelDeviceWakeupRequest + 4 7C90D536 6 Bytes [ 57, 68, D8, 06, 97, 60 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCancelDeviceWakeupRequest + B 7C90D53D 16 Bytes [ 75, EC, FF, 15, E0, 10, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCancelIoFile + 7 7C90D54E 3 Bytes JMP 7C90D495 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCancelIoFile + B 7C90D552 161 Bytes [ FF, FF, 3B, C7, 0F, 85, F2, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCompressKey + 5 7C90D5F4 89 Bytes [ 74, 08, FF, 75, FC, E8, 32, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateDirectoryObject + B 7C90D64E 109 Bytes [ 8B, F0, EB, 54, 53, FF, 15, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateJobObject + 10 7C90D6BC 7 Bytes [ 53, 00, 79, 00, 73, 00, 74 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateJobSet + 3 7C90D6C4 1 Byte [ 65 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateJobSet + 5 7C90D6C6 1 Byte [ 6D ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateJobSet + 7 7C90D6C8 7 Bytes [ 52, 00, 6F, 00, 6F, 00, 74 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateJobSet + F 7C90D6D0 2 Bytes [ 00, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [ 90, 90, 53 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateKey + 4 7C90D6DA 19 Bytes [ 6F, 00, 66, 00, 74, 00, 77, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateMailslotFile + 3 7C90D6EE 1 Byte [ 63 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateMailslotFile + 5 7C90D6F0 1 Byte [ 72 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateMailslotFile + 7 7C90D6F2 7 Bytes [ 6F, 00, 73, 00, 6F, 00, 66 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateMailslotFile + F 7C90D6FA 9 Bytes [ 74, 00, 5C, 00, 57, 00, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateMutant + 4 7C90D704 19 Bytes [ 64, 00, 6F, 00, 77, 00, 73, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateNamedPipeFile + 3 7C90D718 1 Byte [ 72 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateNamedPipeFile + 5 7C90D71A 1 Byte [ 72 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateNamedPipeFile + 7 7C90D71C 7 Bytes [ 65, 00, 6E, 00, 74, 00, 56 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateNamedPipeFile + F 7C90D724 9 Bytes [ 65, 00, 72, 00, 73, 00, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreatePagingFile + 4 7C90D72E 2 Bytes [ 6E, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreatePagingFile + 7 7C90D731 83 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateProfile + 7 7C90D785 50 Bytes [ 85, C0, 7C, 1B, 8B, 75, E0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateSemaphore + 10 7C90D7B8 80 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtCreateToken + D 7C90D809 54 Bytes [ 60, 01, 00, 8B, 4D, FC, 5F, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtDebugContinue + 5 7C90D840 102 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtDeleteKey + 3 7C90D8A7 7 Bytes [ 8D, 45, D0, 50, E8, 95, FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtDeleteKey + B 7C90D8AF 71 Bytes [ FF, A1, 98, F7, 98, 60, 3B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtDeviceIoControlFile + 14 7C90D8F7 37 Bytes [ 50, 8D, 45, 84, 50, 89, 7D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtDuplicateObject + 10 7C90D91D 97 Bytes CALL 7C90D734 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtEnumerateValueKey + 9 7C90D97F 1 Byte [ FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtEnumerateValueKey + B 7C90D981 24 Bytes [ 6A, 08, 8D, 45, B0, 50, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtExtendSection + F 7C90D99A 189 Bytes [ C0, 81, FE, 22, 00, 00, C0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtFreeVirtualMemory + 12 7C90DA5A 13 Bytes [ 8B, FF, 55, 8B, EC, 56, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtFsControlFile + B 7C90DA68 20 Bytes [ FF, FF, FF, 75, 0C, 56, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtGetContextThread + B 7C90DA7D 135 Bytes [ FF, 56, FF, 15, D8, 12, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtInitializeRegistry 7C90DB05 94 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtListenPort + B 7C90DB64 29 Bytes [ 15, 70, 10, 94, 60, 85, C0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLoadKey 7C90DB83 25 Bytes [ 90, 90, 90, 8B, FF, 55, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLoadKey2 + 5 7C90DB9D 1 Byte [ 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLoadKey2 + 7 7C90DB9F 7 Bytes [ 51, FF, 75, 10, C7, 00, 18 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLoadKey2 + F 7C90DBA7 20 Bytes [ 00, 00, 50, 68, 00, 00, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLockFile + F
7C90DBBC 18 Bytes [ 00, 00, 89, 50, 08, 89, 48, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLockProductActivationKeys + D 7C90DBCF 1 Byte [ 0C ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtLockProductActivationKeys + 14 7C90DBD6 95 Bytes [ 8B, FF, 53, 57, 6A, 01, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtMapUserPhysicalPages + B 7C90DC36 98 Bytes [ D6, 57, FF, D6, 5E, 5F, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtNotifyChangeKey + 5 7C90DC99 89 Bytes [ A1, 68, E1, 98, 60, 57, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenEventPair + B 7C90DCF3 22 Bytes [ 15, 68, 11, 94, 60, 6A, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenFile + D 7C90DD0A 1 Byte [ 04 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenFile + 14 7C90DD11 25 Bytes [ 8B, FF, 56, BE, A0, E2, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenJobObject + 4 7C90DD2B 6 Bytes [ FF, 35, E8, F7, 98, 60 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenJobObject + B 7C90DD32 20 Bytes [ 15, 14, 13, 94, 60, 56, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenKey + B 7C90DD47 129 Bytes [ 55, 8B, EC, 83, EC, 44, A1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenSection + F 7C90DDC9 49 Bytes [ 00, 74, ED, 3D, 01, 01, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenThread + 2 7C90DDFB 168 Bytes [ E2, 98, 60, 56, FF, 15, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtPrivilegedServiceAuditAlarm + 3 7C90DEA4 117 Bytes [ E3, 98, 60, 56, 56, 68, 5C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryBootOptions + 11 7C90DF1B 33 Bytes [ 6A, 14, 68, B0, 0F, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryDefaultLocale + 9 7C90DF3D 1 Byte [ FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryDefaultLocale + B 7C90DF3F 41 Bytes [ 8B, 46, 2C, 89, 45, E0, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryDirectoryFile + B 7C90DF69 46 Bytes [ 15, 68, 11, 94, 60, 85, DB, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryEaFile + 13 7C90DF9B 17 Bytes CALL 7C8D2D23 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryEvent + 13 7C90DFB0 81 Bytes [ FF, FF, FF, FF, 92, 0F, 97, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInformationPort 7C90E006 44 Bytes [ 6A, 18, 68, B8, 10, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInformationThread + 4 7C90E034 11 Bytes [ 75, 53, C7, 45, E4, 01, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInformationThread + 14 7C90E044 4 Bytes [ 8B, 45, EC, 8B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInformationToken + 4 7C90E049 11 Bytes [ 8B, 00, 89, 45, DC, 33, C0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInformationToken + 12 7C90E057 9 Bytes CALL 3C6D5DDD
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryInstallUILanguage + 7 7C90E061 18 Bytes [ 75, 0B, FF, 4D, E0, 75, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryIntervalProfile + 5 7C90E074 5 Bytes [ 68, D8, 13, 95, 60 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryIntervalProfile + B 7C90E07A 35 Bytes [ 75, 08, FF, 75, DC, 68, A0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryKey + 5 7C90E09E 20 Bytes [ 90, 90, 49, 5F, 4E, 65, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryMultipleValueKey + 5 7C90E0B3 5 Bytes [ 90, 90, 90, 90, 90 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryMultipleValueKey + B 7C90E0B9 33 Bytes [ FF, FF, FF, 44, 10, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryObject + 4 7C90E0DC 40 Bytes [ 83, 65, E4, 00, 83, 65, FC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryPerformanceCounter + 4 7C90E106 11 Bytes [ 75, 53, C7, 45, E4, 01, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryPerformanceCounter + 14 7C90E116 4 Bytes [ 8B, 45, EC, 8B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryQuotaInformationFile + 4 7C90E11B 11 Bytes [ 8B, 00, 89, 45, DC, 33, C0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryQuotaInformationFile + 12 7C90E129 9 Bytes CALL 3C6D5EAF
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQuerySection + 7 7C90E133 18 Bytes [ 75, 0B, FF, 4D, E0, 75, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQuerySecurityObject + 5 7C90E146 5 Bytes [ 68, D8, 13, 95, 60 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQuerySecurityObject + B 7C90E14C 35 Bytes [ 75, 08, FF, 75, DC, 68, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQuerySymbolicLinkObject + 5 7C90E170 31 Bytes [ 4E, 65, 74, 44, 66, 73, 43, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQuerySystemEnvironmentValue + 10 7C90E190 72 Bytes [ FF, FF, FF, FF, 16, 11, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryTimer + 5 7C90E1D9 1 Byte [ 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryTimer + 7 7C90E1DB 83 Bytes [ EB, 4A, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtQueryVolumeInformationFile + 7 7C90E22F 39 Bytes [ 74, 03, 6A, 32, 58, E8, 37, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRaiseException + 5 7C90E257 13 Bytes [ 90, FF, FF, FF, FF, E2, 11, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRaiseHardError 7C90E267 24 Bytes [ 90, 90, 6A, 18, 68, 28, 13, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReadFile + 4 7C90E280 19 Bytes [ 83, 65, FC, 00, FF, 75, 14, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReadFileScatter + 4 7C90E295 52 Bytes [ 89, 45, D8, 3D, A6, 09, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReadVirtualMemory + F 7C90E2CA 37 Bytes [ 75, 0B, FF, 4D, E0, 75, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReleaseMutant + B 7C90E2F0 50 Bytes [ FC, FF, 83, 4D, FC, FF, 83, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRemoveProcessDebug 7C90E324 16 Bytes [ 90, 90, 90, 90, FF, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRenameKey 7C90E339 48 Bytes CALL 64F17B51
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReplyPort + 7 7C90E36A 7 Bytes [ 75, 53, C7, 45, E4, 01, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReplyPort + F 7C90E372 3 Bytes [ 00, EB, 4A ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReplyWaitReceivePort 7C90E378 6 Bytes [ 90, 90, 8B, 45, EC, 8B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReplyWaitReceivePort + 7 7C90E37F 9 Bytes [ 8B, 00, 89, 45, DC, 33, C0, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtReplyWaitReceivePortEx 7C90E38D 90 Bytes CALL 3C6D6113
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRequestWaitReplyPort + 7 7C90E3E8 3 Bytes [ FF, FF, FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRequestWaitReplyPort + B 7C90E3EC 8 Bytes [ 7A, 13, 98, 60, 8D, 13, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRequestWakeupLatency 7C90E3F6 25 Bytes [ 90, 90, 90, 6A, 18, 68, B8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtResetEvent + 5 7C90E410 41 Bytes [ 83, 65, FC, 00, FF, 75, 1C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRestoreKey + 5 7C90E43A 1 Byte [ 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtRestoreKey + 7 7C90E43C 83 Bytes [ EB, 4A, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSaveKeyEx + 7 7C90E490 13 Bytes [ 74, 03, 6A, 32, 58, E8, D6, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSaveMergedKeys 7C90E49E 23 Bytes [ 90, 90, 4E, 65, 74, 44, 66, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSecureConnectPort + 3 7C90E4B6 14 Bytes [ 90, 90, FF, FF, FF, FF, 43, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetBootEntryOrder 7C90E4C8 23 Bytes [ 90, 6A, 18, 68, 80, 15, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetBootOptions + 3 7C90E4E0 3 Bytes [ 83, 65, FC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetBootOptions + 7 7C90E4E4 3 Bytes [ FF, 75, 14 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetBootOptions + B 7C90E4E8 12 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetContextThread + 3 7C90E4F5 38 Bytes [ 89, 45, D8, 3D, A6, 09, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetDefaultHardErrorPort 7C90E51C 99 Bytes [ 90, 90, 90, 90, 8B, 65, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetEvent + 10 7C90E580 72 Bytes [ FF, FF, FF, FF, 0D, 15, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetInformationDebugObject + 5 7C90E5C9 1 Byte [ 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetInformationDebugObject + 7 7C90E5CB 83 Bytes [ EB, 4A, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetInformationObject + 7 7C90E61F 32 Bytes [ 74, 03, 6A, 32, 58, E8, 47, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetInformationProcess + 13 7C90E640 90 Bytes [ FF, FF, FF, FF, D2, 15, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetLdtEntries + 5 7C90E69B 1 Byte [ 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetLdtEntries + 7 7C90E69D 83 Bytes [ EB, 4A, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSecurityObject + 7 7C90E6F1 13 Bytes [ 74, 03, 6A, 32, 58, E8, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemEnvironmentValue 7C90E6FF 37 Bytes [ 90, 4E, 65, 74, 44, 66, 73, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemInformation 7C90E729 3 Bytes [ 68, D8, 01 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemInformation + 5 7C90E72E 24 Bytes [ 68, A8, 19, 98, 60, E8, F8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemPowerState + 9 7C90E747 1 Byte [ FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemPowerState + B 7C90E749 2 Bytes [ 8B, 5D ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemPowerState + E 7C90E74C 17 Bytes [ 89, 9D, 38, FE, FF, FF, 83, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemTime + B 7C90E75E 3 Bytes [ FF, 01, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetSystemTime + F 7C90E762 94 Bytes [ 00, 83, A5, 2C, FE, FF, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSetValueKey + 5 7C90E7C1 47 Bytes [ 00, 75, 14, FF, 8D, 28, FE, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtShutdownSystem + B 7C90E7F1 55 Bytes [ FF, 68, 8C, 19, 98, 60, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtStopProfile + 5 7C90E82A 3 Bytes [ FF, B5, 40 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtStopProfile + 9 7C90E82E 1 Byte [ FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtStopProfile + B 7C90E830 20 Bytes CALL 7C8D0CAE C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSuspendProcess + B 7C90E845 12 Bytes [ FF, 85, F6, 75, 08, 6A, 08, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSuspendThread + 3 7C90E852 32 Bytes [ FF, B5, 40, FE, FF, FF, 68, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtSystemDebugControl + F 7C90E873 121 Bytes [ 00, 00, 0F, BF, 48, 0A, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtTranslateFilePath + B 7C90E8ED 34 Bytes [ FF, 8B, F0, FF, B5, 34, FE, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtUnloadKey + 4 7C90E910 31 Bytes [ 3B, C7, 74, 3E, 53, 50, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtUnloadKeyEx + F 7C90E930 16 Bytes [ 01, 00, 00, 00, 8B, 03, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtUnlockFile + B 7C90E941 69 Bytes [ FF, FF, 30, 8B, 03, FF, 70, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtVdmControl + 13 7C90E988 33 Bytes [ 25, 77, 73, 00, 4E, 65, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtWaitForMultipleObjects + B 7C90E9AA 129 Bytes [ FF, FF, 9F, 17, 98, 60, B5, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtWriteRequestData + F 7C90EA2C 12 Bytes [ 8B, 45, EC, 83, 78, 08, 01, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtWriteVirtualMemory + 7 7C90EA39 20 Bytes CALL 7C8D0CAB C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtYieldExecution + 7 7C90EA4E 41 Bytes [ 00, 8B, 40, 04, 83, C0, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenKeyedEvent + 7 7C90EA78 3 Bytes [ 53, 53, 56 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtOpenKeyedEvent + B 7C90EA7C 35 Bytes [ 15, 48, D1, 98, 60, 83, C4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!NtWaitForKeyedEvent + 5 7C90EAA0 36 Bytes [ 00, 3B, FB, 0F, 85, EB, 01, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!KiUserApcDispatcher + 5 7C90EAC5 70 Bytes [ 68, 00, 8D, 94, 60, 56, C7, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!KiUserExceptionDispatcher + 20 7C90EB0C 115 Bytes [ 0F, 84, 1E, 04, 00, 00, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!KiRaiseUserExceptionDispatcher + 43 7C90EB80 58 Bytes [ 8B, CF, 8B, 7D, FC, 8B, D1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRaiseException + F 7C90EBBB 5 Bytes [ 68, A8, 1F, 98, 60 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRaiseException + 15 7C90EBC1 15 Bytes CALL 7C8D47B7 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRaiseException + 25 7C90EBD1 109 Bytes [ 8B, 7D, F8, FF, 37, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRaiseException + 93 7C90EC3F 13 Bytes [ 15, 70, D1, 98, 60, 3B, C3, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRaiseException + A1 7C90EC4D 267 Bytes [ 00, FF, 75, D4, 50, 56, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strchr + 58 7C90ED59 149 Bytes [ 00, 00, FF, 75, F4, 56, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strchr + EE 7C90EDEF 52 Bytes [ 75, E4, 8B, 4D, F0, 8B, 55, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strchr + 123 7C90EE24 2 Bytes [ 45, EC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strchr + 126 7C90EE27 100 Bytes [ 4D, F0, C1, E0, 02, 89, 1C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!strchr + 18C 7C90EE8D 168 Bytes [ 00, 8B, 55, E0, 8B, 4D, EC, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAnsiStringToUnicodeString + 2 7C90F04E 58 Bytes [ 75, 20, FF, 75, 18, 8D, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAnsiStringToUnicodeString + 3D 7C90F089 9 Bytes [ 00, 75, 56, C7, 45, E4, 01, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAnsiStringToUnicodeString + 47 7C90F093 8 Bytes [ EB, 4D, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAnsiStringToUnicodeString + 50 7C90F09C 216 Bytes [ EC, 8B, 00, 8B, 00, 89, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAnsiStringToUnicodeString + 129 7C90F175 19 Bytes [ 90, 90, 8B, 45, EC, 8B, 00, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiByteToUnicodeN + 76 7C90F241 2 Bytes [ FF, 75 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiByteToUnicodeN + 79 7C90F244 14 Bytes CALL 7C910EDC C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiByteToUnicodeN + 88 7C90F253 207 Bytes [ 8B, 55, 18, 89, 0A, 8B, 4D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiByteToUnicodeN + 158 7C90F323 20 Bytes CALL 64F18B4B
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiByteToUnicodeN + 16E 7C90F339 4 Bytes [ 00, 83, 65, E4 ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosError 7C90FB3D 101 Bytes [ 90, 8B, 45, EC, 8B, 00, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 1A 7C90FBA3 21 Bytes [ C2, 10, 00, 90, 90, 4E, 65, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 30 7C90FBB9 121 Bytes [ 90, 90, 90, 90, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosErrorNoTeb + AA 7C90FC33 78 Bytes CALL 3C6D79B9
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosErrorNoTeb + FA 7C90FC83 7 Bytes CALL 7C8D0C70 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlNtStatusToDosErrorNoTeb + 102 7C90FC8B 23 Bytes [ 90, 4E, 65, 74, 53, 65, 72, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAddRefActivationContext + 3A 7C91011C 133 Bytes [ 45, EC, 8B, 00, 8B, 00, 89, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAddRefActivationContext + C0 7C9101A2 34 Bytes [ 90, 90, 90, 90, 90, 90, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAddRefActivationContext + E3 7C9101C5 62 Bytes [ C7, 45, E0, 01, 00, 00, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryInformationActivationContext + 22 7C910204 24 Bytes [ 00, 8B, 00, 89, 45, DC, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryInformationActivationContext + 3B 7C91021D 18 Bytes [ 75, 0B, FF, 4D, E0, 75, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryInformationActivationContext + 4E 7C910230 28 Bytes [ 68, D8, 13, 95, 60, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryInformationActivationContext + 6B 7C91024D 47 Bytes [ 74, 14, FF, 75, 18, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryInformationActivationContext + 9B 7C91027D 164 Bytes [ 90, 90, 90, FF, FF, FF, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLastWin32Error + 4 7C910335 8 Bytes CALL 7C8D0C70 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRestoreLastWin32Error 7C910340 21 Bytes [ 4E, 65, 74, 70, 73, 4E, 61, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlRestoreLastWin32Error + 18 7C910358 3 Bytes [ FF, FF, FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcslen + 2 7C91035C 8 Bytes [ D5, 32, 98, 60, E8, 32, 98, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcslen + F 7C910369 9 Bytes [ 6A, 18, 68, 40, 34, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcslen + 19 7C910373 120 Bytes [ FC, FF, C7, 45, E0, 01, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitUnicodeStringEx + 47 7C9103EC 25 Bytes [ 75, 08, FF, 75, DC, 68, 28, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitUnicodeStringEx + 61 7C910406 24 Bytes [ 75, 20, FF, 75, 1C, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitUnicodeStringEx + 7A 7C91041F 8 Bytes CALL 7C8D0C70 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitUnicodeStringEx + 83 7C910428 58 Bytes [ 4E, 65, 74, 70, 73, 50, 61, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeHeap + 26 7C910463 8 Bytes [ 00, 83, 65, E4, 00, 83, 65, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeHeap + 2F 7C91046C 33 Bytes [ FF, 75, 18, FF, 75, 14, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeHeap + 52 7C91048F 65 Bytes [ 00, 00, EB, 4A, 90, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeHeap + 94 7C9104D1 49 Bytes [ 75, DC, 68, 04, 35, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeHeap + C6 7C910503 54 Bytes [ 90, 4E, 65, 74, 70, 73, 50, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAllocateHeap + 17 7C9105EB 20 Bytes [ FF, 6D, 35, 98, 60, 80, 35, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAllocateHeap + 2C 7C910600 15 Bytes CALL 7C8D0C30 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAllocateHeap + 3C 7C910610 118 Bytes [ 83, 65, FC, 00, FF, 75, 10, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAllocateHeap + B3 7C910687 48 Bytes [ 74, 03, 6A, 32, 58, 3D, 2E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAllocateHeap + E4 7C9106B8 56 Bytes [ FF, FF, FF, FF, 3A, 36, 98, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageDirectoryEntryToData + 1 7C910857 7 Bytes [ B5, EC, FE, FF, FF, 83, C6 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageDirectoryEntryToData + 9 7C91085F 14 Bytes [ 33, DB, 39, BD, F0, FE, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageDirectoryEntryToData + 18 7C91086E 131 Bytes [ FF, 83, C7, 04, FF, 76, FC, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUpcaseUnicodeChar + 2 7C9108F2 39 Bytes [ B5, EC, FE, FF, FF, E8, 34, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquirePebLock 7C91091D 37 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquirePebLock + 26 7C910943 5 Bytes [ 88, 9D, F7, FE, FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquirePebLock + 2C 7C910949 153 Bytes [ 75, 08, 6A, 57, 58, E9, F9, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeAnsiString + 6D 7C9109E3 11 Bytes [ 39, 46, 04, 75, 3F, 50, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlSizeHeap + 2 7C9109EF 76 Bytes [ 50, FF, 36, FF, 15, 8C, 13, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlSizeHeap + 4F 7C910A3C 106 Bytes [ B5, E4, FE, FF, FF, E8, EA, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsncpy + 18 7C910AA7 89 Bytes [ EC, 83, EC, 34, A1, 8C, E1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsncpy + 72 7C910B01 28 Bytes [ 00, 00, 6A, 02, 8D, 45, F4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsncpy + 8F 7C910B1E 100 Bytes CALL 7C8D7311 C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsncpy + F5 7C910B84 73 Bytes [ 3B, C6, 75, 0C, C7, 45, E4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsncpy + 13F 7C910BCE 89 Bytes [ 8D, 47, 02, 50, 56, FF, 15, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + A5 7C91192F 9 Bytes [ 15, 54, 12, 94, 60, 8B, F8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + AF 7C911939 47 Bytes [ 45, D4, 89, 38, 8B, 45, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + E0 7C91196A 88 Bytes [ 50, FF, 15, A4, D1, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + 139 7C9119C3 33 Bytes [ 0C, 50, 8D, 45, FC, 50, 6A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeleteCriticalSection + 15B 7C9119E5 123 Bytes [ 75, FC, FF, 15, 24, 10, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 37 7C911A61 30 Bytes [ FF, D6, 85, C0, 89, 85, F4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 56 7C911A80 55 Bytes [ FF, 15, 50, 11, 94, 60, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSectionAndSpinCount + 8E 7C911AB8 100 Bytes [ 85, F4, FD, FF, FF, 5F, 5E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlLogStackBackTrace + 39 7C911B1D 48 Bytes [ 75, FC, 50, 56, FF, 15, 50, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSection + 21 7C911B4E 107 Bytes [ 55, 8B, EC, 83, EC, 48, A1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSection + 8D 7C911BBA 209 Bytes [ 00, C6, 45, C4, 01, C6, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSection + 15F 7C911C8C 7 Bytes [ 75, FC, 6A, 04, FF, 75, F8 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSection + 167 7C911C94 7 Bytes CALL 7C911B4A C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlInitializeCriticalSection + 16F 7C911C9C 21 Bytes [ 75, FC, 8B, F0, FF, 15, 54, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeToTimeFields + 3C 7C912449 87 Bytes [ C0, EB, 66, 8B, 45, 08, 6A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeToTimeFields + 94 7C9124A1 3 Bytes [ 74, 0D, 8D ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeToTimeFields + 98 7C9124A5 92 Bytes [ D4, 50, FF, 75, FC, FF, D7, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeToTimeFields + F5 7C912502 1 Byte [ 5F ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeToTimeFields + F7 7C912504 1 Byte [ 53 ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrFindResource_U + 18 7C912C99 9 Bytes [ 4D, D0, 75, F1, 50, E8, DD, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrAccessResource + 1 7C912CA3 73 Bytes [ 8B, 4D, 18, 89, 01, 3B, C3, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadAlternateResourceModule + 18 7C912CED 16 Bytes [ 76, 04, 8B, FA, 8B, D9, C1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadAlternateResourceModule + 29 7C912CFE 41 Bytes [ A4, 8B, 4D, E4, 8B, 49, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadAlternateResourceModule + 53 7C912D28 144 Bytes [ 00, 89, 1C, 88, EB, 47, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAddressInSectionTable + 7 7C912DB9 33 Bytes [ DC, 8B, 45, 10, 89, 30, 39, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAddressInSectionTable + 29 7C912DDB 10 Bytes [ 89, 75, FC, 89, 75, E4, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageRvaToSection + 2 7C912DE6 26 Bytes CALL 7C915C19 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageRvaToSection + 1D 7C912E01 126 Bytes [ 00, 89, 45, D8, 50, E8, E3, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageRvaToSection + 9C 7C912E80 8 Bytes [ E0, 08, 00, 00, 00, E9, 89, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageRvaToSection + A5 7C912E89 53 Bytes [ 00, 8B, 4D, E4, 8B, 09, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlImageRvaToSection + DB 7C912EBF 19 Bytes [ 15, DC, 13, 94, 60, EB, 08, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeToMultiByteN + 51 7C912FEC 76 Bytes [ EB, 4F, 8B, 4D, E4, 8B, 09, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeToMultiByteN + 9E 7C913039 54 Bytes [ 3B, 11, 72, BF, FF, 75, E4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeToMultiByteN + D5 7C913070 103 Bytes [ FF, 39, 7D, 08, 89, 7D, E4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToAnsiString + 12 7C9130D8 20 Bytes [ 14, 74, 13, FF, 75, 14, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToAnsiString + 28 7C9130EE 23 Bytes [ 39, 7D, 1C, 74, 13, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToAnsiString + 40 7C913106 34 Bytes [ 8D, 45, FC, 50, FF, 75, 20, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToAnsiString + 63 7C913129 119 Bytes [ 85, C2, 01, 00, 00, 8B, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLockLoaderLock + 30 7C9131A1 108 Bytes [ 3B, C7, 89, 45, C8, 74, 3C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLockLoaderLock + 9D 7C91320E 3 Bytes [ F7, A9, FC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLockLoaderLock + A1 7C913212 92 Bytes [ 8B, F0, 3B, F7, 0F, 85, D4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnlockLoaderLock + 46 7C91326F 76 Bytes [ 74, 1A, 8B, 0B, 89, 41, 1C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrClientCallServer + 1B 7C9132BC 1 Byte [ D1 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrClientCallServer + 1D 7C9132BE 105 Bytes JMP 7089BDC5
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrClientCallServer + 87 7C913328 51 Bytes CALL 7C8DC74C C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrClientCallServer + BB 7C91335C 50 Bytes CALL 7C8DC74C C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!_strcmpi + 1B 7C91338F 152 Bytes [ 89, 3B, 5F, 8B, C6, 5E, 5B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlEqualUnicodeString + 5A 7C913428 101 Bytes [ 07, C7, 45, B8, 01, 00, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcscpy + 1B 7C91348E 24 Bytes [ 5D, A8, 83, 7D, B8, 00, 0F, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidSid + 11 7C9134A8 200 Bytes JMP 7C91353E C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidSid + DA 7C913571 57 Bytes [ FF, FF, FF, 3B, E4, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCreateUnicodeStringFromAsciiz + 1A 7C9135AB 17 Bytes CALL 7C8DC74C C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsDosDeviceName_U 7C9135C0 6 Bytes [ 90, 8B, FF, 55, 8B, EC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsDosDeviceName_U + 7 7C9135C7 90 Bytes [ 53, 56, 8B, 75, 0C, 33, DB, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsDosDeviceName_U + 62 7C913622 59 Bytes [ 74, 08, FF, 75, FC, E8, 24, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsDosDeviceName_U + 9E 7C91365E 1 Byte [ 90 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsDosDeviceName_U + A3 7C913663 47 Bytes [ 6A, 10, 68, C0, E6, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCopySid + 11 7C913693 1 Byte [ 8B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCopySid + 13 7C913695 1 Byte [ 89 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCopySid + 15 7C913697 16 Bytes CALL 7C8E75EC C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCopySid + 26 7C9136A8 37 Bytes [ 75, E4, FF, 15, 58, 14, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlLengthSid + 1B 7C9136D1 38 Bytes [ 6A, 10, 68, 30, E7, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeToMultiByteSize + 26 7C9136F8 95 Bytes [ 89, 45, E0, EB, 27, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlLockHeap + 35 7C913758 27 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlLockHeap + 51 7C913774 18 Bytes [ 90, 8B, 45, EC, 8B, 00, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnlockHeap + 1 7C91378C 28 Bytes CALL 7C75AD90
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnlockHeap + 20 7C9137AB 74 Bytes [ FF, 75, E7, 97, 60, 8B, E7, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIsValidHandle + 1 7C9137F6 310 Bytes [ 00, 89, 45, E4, 50, E8, EE, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlEncodePointer + 16 7C91392D 5 Bytes [ 83, 65, FC, 00, 8B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlEncodePointer + 1C 7C913933 11 Bytes [ 20, 83, 20, 00, FF, 75, 24, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDecodePointer + 2 7C91393F 63 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCreateUnicodeString + 35 7C91397F 29 Bytes CALL 7C8D8C6D C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDetermineDosPathNameType_U 7C91399F 65 Bytes [ 90, 90, 6A, 10, 68, 10, EA, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDetermineDosPathNameType_U + 42 7C9139E1 85 Bytes [ 8B, 00, 89, 45, E4, 50, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDetermineDosPathNameType_U + 98 7C913A37 10 Bytes [ FF, 75, 28, 50, FF, 75, 20, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDetermineDosPathNameType_U + A3 7C913A42 17 Bytes [ 75, 18, FF, 75, 14, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDetermineDosPathNameType_U + B5 7C913A54 17 Bytes [ 00, 89, 45, E0, EB, 27, 90, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosPathNameToNtPathName_U + 5A 7C914157 56 Bytes [ 32, 8B, 38, 89, 7C, 31, 0C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosPathNameToNtPathName_U + 93 7C914190 190 Bytes [ 15, 1C, 14, 94, 60, 8B, 55, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlPrefixUnicodeString + 3F 7C91424F 222 Bytes [ FB, F3, A5, 8B, CA, 83, E1, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetCurrentDirectory_U + 1F 7C91432E 77 Bytes [ 33, FF, 8B, 75, 20, 89, 3E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetCurrentDirectory_U + 6D 7C91437C 3 Bytes [ 6E, 32, FD ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetCurrentDirectory_U + 71 7C914380 30 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetCurrentDirectory_U + 91 7C9143A0 58 Bytes [ FF, FF, FF, FF, 70, F3, 97, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryEnvironmentVariable_U + 3A 7C9143DB 67 Bytes [ EC, 8B, 00, 8B, 00, 89, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryEnvironmentVariable_U + 7E 7C91441F 39 Bytes CALL 7C8D8C2F C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlQueryEnvironmentVariable_U + A6 7C914447 83 Bytes [ 00, 89, 45, E4, 50, E8, 9D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!wcsrchr + 2 7C91449B 265 Bytes [ 75, 10, FF, 75, 0C, FF, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExpandEnvironmentStrings_U + D3 7C9145A5 8 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExpandEnvironmentStrings_U + DC 7C9145AE 104 Bytes [ FF, 75, E4, FF, 15, 58, 14, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExpandEnvironmentStrings_U + 145 7C914617 31 Bytes CALL 7C8E75EA C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExpandEnvironmentStrings_U + 165 7C914637 3 Bytes [ 35, 46, FC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlExpandEnvironmentStrings_U + 169 7C91463B 134 Bytes [ C2, 20, 00, 90, 90, FF, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + 21 7C914800 102 Bytes [ 00, 8B, 00, 89, 45, E0, 50, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + 88 7C914867 53 Bytes [ 00, 89, 45, E0, EB, 27, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + BE 7C91489D 6 Bytes [ C2, 18, 00, FF, FF, FF ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + C5 7C9148A4 125 Bytes [ 72, F8, 97, 60, 88, F8, 97, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlGetLongestNtPathLength + 144 7C914923 189 Bytes [ 00, 00, 21, 45, 0C, 39, 45, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertSidToUnicodeString + 12 7C914A6F 19 Bytes [ 7D, 10, 53, FF, 75, 0C, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertSidToUnicodeString + 26 7C914A83 91 Bytes [ FF, 3B, C6, 74, 61, 39, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertSidToUnicodeString + 82 7C914ADF 15 Bytes [ C7, 07, 01, 00, 00, 00, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertSidToUnicodeString + 92 7C914AEF 13 Bytes [ 74, 08, FF, 75, FC, E8, 57, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlConvertSidToUnicodeString + A0 7C914AFD 61 Bytes [ 5B, C9, C2, 10, 00, 90, 90, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAppendUnicodeToString + 20 7C914D62 31 Bytes [ 00, 89, 45, DC, 50, E8, 82, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAppendUnicodeToString + 41 7C914D83 77 Bytes [ DC, FF, 15, 58, 14, 94, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAppendUnicodeStringToString + 1B 7C914DD2 49 Bytes CALL 7C9157B0 C:\WINDOWS\system32\ntdll.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAppendUnicodeStringToString + 4D 7C914E04 24 Bytes CALL 7C8D8C6D C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFormatCurrentUserKeyPath 7C914E21 38 Bytes [ 6A, 10, 68, 80, FE, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFormatCurrentUserKeyPath + 27 7C914E48 14 Bytes [ 89, 45, E0, EB, 27, 90, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFormatCurrentUserKeyPath + 36 7C914E57 20 Bytes [ 8B, 00, 89, 45, E4, 50, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFormatCurrentUserKeyPath + 4B 7C914E6C 20 Bytes [ 75, E4, FF, 15, 58, 14, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFormatCurrentUserKeyPath + 60 7C914E81 83 Bytes [ FF, FF, FF, 52, FE, 97, 60, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!bsearch + 45 7C915040 97 Bytes [ 8B, EC, 81, EC, AC, 01, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!bsearch + A7 7C9150A2 7 Bytes [ 83, C4, 0C, 8D, 45, E8, 50 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!bsearch + AF 7C9150AA 51 Bytes [ 15, E4, D1, 98, 60, 83, F8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!bsearch + E4 7C9150DF 103 Bytes [ 83, C4, 0C, 39, 45, 10, 76, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!bsearch + 14C 7C915147 138 Bytes [ FF, 89, B5, C8, F9, FF, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindActivationContextSectionString + D 7C915326 1 Byte [ 69 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindActivationContextSectionString + F 7C915328 9 Bytes [ 6F, 00, 6E, 00, 20, 00, 73, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindActivationContextSectionString + 19 7C915332 5 Bytes [ 61, 00, 74, 00, 69 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindActivationContextSectionString + 1F 7C915338 1 Byte [ 63 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindActivationContextSectionString + 21 7C91533A 27 Bytes [ 20, 00, 74, 00, 72, 00, 75, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlHashUnicodeString + 98 7C9154FD 147 Bytes [ E4, 00, 74, 03, 6A, 32, 58, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlHashUnicodeString + 12C 7C915591 230 Bytes [ 75, 0B, FF, 4D, E0, 75, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlHashUnicodeString + 213 7C915678 54 Bytes [ 75, 08, FF, 75, DC, 68, 9C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlHashUnicodeString + 24A 7C9156AF 86 Bytes [ 90, FF, FF, FF, FF, 42, 86, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlHashUnicodeString + 2A1 7C915706 167 Bytes [ 89, 45, DC, 33, C0, 40, C3, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + B 7C9157AE 56 Bytes [ 00, 75, 53, C7, 45, E4, 01, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 44 7C9157E7 16 Bytes [ EB, AF, 8D, 45, E4, 50, 6A, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 55 7C9157F8 11 Bytes [ 75, DC, 68, 1C, 88, 97, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 61 7C915804 53 Bytes [ 83, 4D, FC, FF, 83, 7D, E4, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosApplyFileIsolationRedirection_Ustr + 98 7C91583B 16 Bytes [ FF, BF, 87, 97, 60, D2, 87, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindCharInUnicodeString + 2F 7C915B98 176 Bytes [ 39, 75, E4, 74, 03, 6A, 32, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindCharInUnicodeString + E0 7C915C49 27 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindCharInUnicodeString + FC 7C915C65 3 Bytes [ 5B, EB, FC ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFindCharInUnicodeString + 100 7C915C69 7 Bytes [ 83, C4, 0C, 5D, C2, 04, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidateUnicodeString 7C915C72 3 Bytes [ 90, 90, 90 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidateUnicodeString + 4 7C915C76 65 Bytes [ FF, 55, 8B, EC, 8D, 45, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidateUnicodeString + 46 7C915CB8 56 Bytes [ C4, 0C, 5D, C2, 08, 00, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidateUnicodeString + 7F 7C915CF1 65 Bytes [ 04, 83, C0, 04, 50, 68, C6, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlValidateUnicodeString + C1 7C915D33 13 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadDll + 22 7C9161EC 28 Bytes CALL C4BBD5F1
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadDll + 3F 7C916209 20 Bytes [ 06, C7, 02, 44, 92, 98, 60, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadDll + 54 7C91621E 234 Bytes [ B8, 3C, 92, 98, 60, 89, 06, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadDll + 13F 7C916309 114 Bytes [ FF, 55, 8B, EC, 83, EC, 14, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrLoadDll + 1B2 7C91637C 19 Bytes [ 75, 18, 56, FF, 75, FC, FF, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrGetDllHandle + 18 7C91659E 75 Bytes [ 00, EB, 05, 8B, 4D, FC, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrGetDllHandleEx + 43 7C9165EA 113 Bytes [ 10, 3B, FE, 75, 05, 6A, 57, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrGetDllHandleEx + B5 7C91665C 104 Bytes [ 74, 34, 48, 74, 31, 83, E8, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrGetDllHandleEx + 11E 7C9166C5 42 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrGetDllHandleEx + 149 7C9166F0 43 Bytes [ 75, 18, FF, 75, 14, FF, 36, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 1 7C91671C 5 Bytes [ 46, 0C, 89, 47, 08 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 7 7C916722 89 Bytes [ 46, 10, 89, 47, 0C, EB, 76, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 61 7C91677C 20 Bytes [ 47, 10, 8B, 46, 14, 89, 47, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 76 7C916791 9 Bytes [ 76, 18, FF, D3, 59, 50, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 80 7C91679B 17 Bytes [ FD, F4, FB, FF, 5F, 5E, 5B, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosSearchPath_U + 63 7C916E5C 3 Bytes [ 3C, EE, FB ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosSearchPath_U + 67 7C916E60 39 Bytes [ 8B, 47, 0C, 89, 46, 0C, 8B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosSearchPath_U + 8F 7C916E88 111 Bytes CALL 7C8D5C9A C:\WINDOWS\system32\kernel32.dll
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosSearchPath_U + FF 7C916EF8 18 Bytes [ 00, 8B, 45, 14, 3B, C2, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDosSearchPath_U + 112 7C916F0B 21 Bytes [ EC, A2, 98, 60, 8B, 45, 1C, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnloadDll + 5 7C917190 12 Bytes [ 00, EB, 48, 8B, 45, 14, 33, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnloadDll + 12 7C91719D 31 Bytes [ 10, 8B, 45, 18, 3B, C2, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnloadDll + 32 7C9171BD 12 Bytes [ 48, 04, 00, 00, 8B, 45, 24, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnloadDll + 3F 7C9171CA 23 Bytes [ 1C, 00, 00, 00, 8B, 45, 28, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrUnloadDll + 57 7C9171E2 64 Bytes [ 90, 90, 44, 7A, 7A, 44, 44, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextEx + 1C 7C9174A3 24 Bytes [ 52, 33, 32, 2E, 64, 6C, 6C, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextEx + 35 7C9174BC 8 Bytes [ EC, A6, 04, 00, 00, A7, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextEx + 3E 7C9174C5 14 Bytes [ 00, 00, 00, 10, A7, 04, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextEx + 4D 7C9174D4 3 Bytes [ 52, A7, 04 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContextEx + 51 7C9174D8 4 Bytes [ 64, A7, 04, 00 ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 1E 7C91762B 7 Bytes [ 80, 24, 00, 00, 80, 57, 00 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 26 7C917633 14 Bytes [ 80, 71, 00, 00, 80, 9D, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 35 7C917642 3 Bytes [ 00, 80, 75 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 39 7C917646 19 Bytes [ 00, 80, 0E, 00, 00, 80, 91, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlActivateActivationContext + 4D 7C91765A 16 Bytes [ 00, 80, 9B, 00, 00, 80, 77, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeactivateActivationContext + 28 7C917711 24 Bytes [ 00, 52, 61, 70, 43, 6F, 6E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeactivateActivationContext + 41 7C91772A 56 Bytes [ 00, 00, 52, 61, 70, 41, 75, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlDeactivateActivationContext + 7A 7C917763 106 Bytes [ 00, 00, 00, 52, 61, 70, 50, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCompareUnicodeString + 1C 7C9177CE 134 Bytes [ 52, 61, 70, 43, 6F, 6E, 76, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCompareUnicodeString + A3 7C917855 16 Bytes [ 6D, 65, 73, 57, 00, 00, 00, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCompareUnicodeString + B4 7C917866 127 Bytes [ 00, 00, 44, 73, 46, 72, 65, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCompareUnicodeString + 134 7C9178E6 55 Bytes [ 53, 61, 6D, 4C, 6F, 6F, 6B, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlCompareUnicodeString + 16C 7C91791E 29 Bytes [ 53, 61, 6D, 51, 75, 65, 72, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReAllocateHeap + 29 7C917A26 94 Bytes [ 53, 61, 6D, 51, 75, 65, 72, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReAllocateHeap + 88 7C917A85 30 Bytes [ 13, 00, 00, 53, 61, 6D, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReAllocateHeap + A8 7C917AA5 21 Bytes [ 00, 53, 61, 6D, 47, 65, 74, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReAllocateHeap + BE 7C917ABB 80 Bytes [ 28, 00, 00, 53, 61, 6D, 44, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReAllocateHeap + 10F 7C917B0C 129 Bytes [ 53, 61, 6D, 45, 6E, 75, 6D, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeFieldsToTime + 70 7C918979 23 Bytes [ 00, E6, 00, 46, 6C, 75, 73, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeFieldsToTime + 88 7C918991 205 Bytes [ 6E, 74, 65, 72, 43, 72, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeFieldsToTime + 156 7C918A5F 41 Bytes [ 78, 63, 65, 70, 74, 69, 6F, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeFieldsToTime + 181 7C918A8A 1 Byte [ 3B ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlTimeFieldsToTime + 183 7C918A8C 107 Bytes [ 47, 65, 74, 43, 75, 72, 72, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIntegerToChar + 20 7C918AF8 105 Bytes [ D1, 01, 47, 65, 74, 54, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIntegerToChar + 8A 7C918B62 53 Bytes [ 74, 50, 72, 6F, 63, 41, 64, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlIntegerToChar + C0 7C918B98 263 Bytes [ 89, 00, 44, 69, 73, 61, 62, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToInteger + 3F 7C918CA0 40 Bytes [ 72, 6C, 6F, 63, 6B, 65, 64, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToInteger + 68 7C918CC9 16 Bytes [ 00, 6C, 00, 43, 72, 65, 61, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToInteger + 79 7C918CDA 19 Bytes [ 2D, 03, 53, 65, 74, 54, 68, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToInteger + 8D 7C918CEE 157 Bytes [ 1D, 02, 49, 6E, 74, 65, 72, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlUnicodeStringToInteger + 12B 7C918D8C 43 Bytes [ 69, 03, 56, 65, 72, 69, 66, ... ]
.text ...
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrNewThread + 30 7C918EAA 54 Bytes [ 2D, 02, 5F, 77, 63, 73, 6E, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrNewThread + 68 7C918EE2 70 Bytes [ 12, 03, 73, 77, 70, 72, 69, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!CsrNewThread + B0 7C918F2A 144 Bytes [ 26, 03, 77, 63, 73, 63, 61, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlpWaitForCriticalSection + 2C 7C918FBB 209 Bytes [ 00, 06, 03, 52, 74, 6C, 53, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlpUnWaitCriticalSection + 36 7C91908D 23 Bytes [ EC, 8D, 45, 04, 83, C0, 04, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlpUnWaitCriticalSection + 4E 7C9190A5 84 Bytes [ C4, 0C, 5D, C2, 14, 00, 90, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeThreadActivationContextStack 7C9190FD 36 Bytes [ 90, 8B, FF, 55, 8B, EC, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlFreeThreadActivationContextStack + 28 7C919125 72 Bytes [ 8B, FF, 55, 8B, EC, 8D, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrShutdownThread + 48 7C91916E 196 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrShutdownThread + 110 7C919236 40 Bytes [ 8B, FF, 55, 8B, EC, 8D, 45, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!LdrShutdownThread + 139 7C91925F 32 Bytes [ 55, 8B, EC, 8D, 45, 04, 83, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlReleaseResource 7C919283 116 Bytes [ 90, 8B, FF, 55, 8B, EC, 8D, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceShared + 3B 7C9192F9 3 Bytes [ 8B, FF, 55 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceExclusive + 1 7C9192FD 4 Bytes [ EC, 8D, 45, 04 ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceExclusive + 6 7C919302 61 Bytes [ C0, 04, 50, 68, 1E, 84, 94, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceExclusive + 44 7C919340 1 Byte [ 0C ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceExclusive + 46 7C919342 49 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ]
.text C:\Program\WinRAR\WinRAR.exe[2432] ntdll.dll!RtlAcquireResourceExclusive + 79 7C919375 175 Bytes [ 04, 83, C0, 04, 50, 68, DE, ... ]
.text ...
This is going to be huge do you want me to keep posting or is there are certain part of the log you want?
Angelfire777
2006-12-24, 14:46
try to zip the file then post it here as an attachment. If it is still too large, zip the logfile then email it to me at this address:
AF777"AT"Me4email.com
replace "AT" with @
I need to email it......sorry.
And to answer your questin about the computer running ok...it seems to be fine...however i cannot access my sercurity center at all..it tells me this.....
Swedish to english translations....
it goes not to find C:\WINDOWS\system32\rundll32.exe. Control that you have given the right name and try again. You can search after a file through clicking on the button Start and select Search.
That is a close translation....
Angelfire777
2006-12-24, 17:33
Backup Your Registry with ERUNT
Please use the following link and scroll down to ERUNT and download it.
http://aumha.org/freeware/freeware.php
For version with the Installer:
Use the setup program to install ERUNT on your computer
For the zipped version:
Unzip all the files into a folder of your choice.
Click Erunt.exe to backup your registry to the folder of your choice.
Note: to restore your registry, go to the folder and start ERDNT.exe
Open notepad.
Copy and paste the text inside the Code Box below into Notepad
Choose File > Save As and under "Save as type", choose "All Files".
Type fix.reg in the File name and save it to your desktop.
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,77,00,69,00,6e,00,\
6d,00,67,00,6d,00,74,00,00,00,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,00,53,00,59,00,53,00,54,00,45,00,4d,00,52,00,4f,00,4f,\
00,54,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="NT Authority\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00
"DependOnService"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,\
68,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]
"Description"="Provides the endpoint mapper and other miscellaneous RPC services."
"DisplayName"="Remote Procedure Call (RPC)"
"ErrorControl"=dword:00000001
"Group"="COM Infrastructure"
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,20,00,2d,00,6b,00,20,00,72,00,70,00,\
63,00,73,00,73,00,00,00
"ObjectName"="NT Authority\\NetworkService"
"Start"=dword:00000002
"Type"=dword:00000020
"FailureActions"=hex:00,00,00,00,00,00,00,00,00,00,00,00,01,00,00,00,00,00,00,\
00,02,00,00,00,60,ea,00,00
"DependOnService"=hex(7):44,00,63,00,6f,00,6d,00,4c,00,61,00,75,00,6e,00,63,00,\
68,00,00,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
72,00,70,00,63,00,73,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Security]
"Security"=hex:01,00,14,80,a8,00,00,00,b4,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,78,00,05,00,00,00,00,00,14,00,8d,00,02,00,01,01,00,00,00,00,00,\
05,0b,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,18,00,8d,00,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,\
02,00,00,00,00,14,00,9d,00,00,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,\
18,00,9d,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,21,02,00,00,01,01,00,\
00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs\Enum]
"0"="Root\\LEGACY_RPCSS\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Close notepad. Make sure that all windows are closed.
Find the fix.reg file on your desktop.
Double click it.
It will then ask if you want the file merged to your registry.
Answer Yes.
Reboot then please tell me if you can now access windows security center and please notify me if you have emailed me the gmer log
I have sent the email to you....
uhmmm consider me dumb but i am a little perplexed with the following lines, can you please ellaborate..
Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.
Angelfire777
2006-12-25, 02:44
That means that you must NOT leave a blank line before the word "Windows Registry Editor Version 5.00" Sorry about the regedit4 earlier...
And you must leave a blank line after the last word to be entered..
Since I'm on dialup, it might take time for me to download the attachment..Please hold on and I'll be back :)
Followed your instructions to the letter, still comes up with the same message.
Merry xmas by the way.
And i wont be gong anywhere, i am at your mercy so you take as long as you need.
Angelfire777
2006-12-25, 05:55
Merry Christmas too :present:
Hold on for a while..I'm asking an expert right now, I'll try my best to reply within the day:bigthumb:
Your gmer log is clean by the way
Angelfire777
2006-12-25, 10:42
download this:
http://www.winhelponline.com/downloadattachment.php?aId=f0b7fdc1678bdb23201337d38a3c3270&articleId=33
double click the file you downloaded then if it asks if you want to merge, choose yes.
Reboot then please post back and tell us if it is fixed already..
Angelfire,
Sorry for the delay, i missed your last post.....anyway...
Followed your instructions and am still unable to access my sercurity centre, again it tells me it is unable to locate the file... C:\WINDOWS\system32\rundll32.exe
System however seems to be running ok still....
Angelfire777
2006-12-30, 03:04
Hi, sorry that I've been gone for a few days...We had very unfortunate things happen in our family..
Please download this:
http://www.spywareinfo.com/~merijn/files/windows/rundll32_xp.zip
unzip the files to this folder: C:\Windows\System32
Reboot then try if Security Center is working..
Angelfire,
I hope that everything is ok, you need not apologise nor go out of your way to help...take all the time you need.
I have downloaded the file, i can now access the security centre but it has not started up....
It simply says that access to the centre is not available just now as it has sopped or has not started.
Angelfire777
2006-12-30, 11:11
Go to start -> run -> services.msc -> ok
Find "Security Center", doubleclick it, press start (if not already running) and make sure that startuptype is automatic.
Reboot then post back with the result
Angelfire, your a genius, the security centre is working, everything seems to be as it should be....Thanks for your time and help.
Thanks for everything....let me know if i need send anymore reports...
Angelfire777
2006-12-31, 03:38
Please post a fresh HijackThis log for final checkup:bigthumb:
I am crossing my fingers that you will give be a clean bill of health ;)
Logfile of HijackThis v1.99.1
Scan saved at 02:49:24, on 2006-12-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program\Grisoft\AVGFRE~1\avgcc.exe
C:\Program\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\MSN Messenger\MsnMsgr.Exe
C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Washer\Formdata.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program\Delade filer\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\sv\msntb.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program\Delade filer\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\Program\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program\Delade filer\Logitech\LComMgr\LVComSX.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: X-Micro WLAN 11g USB Utility.lnk = C:\Program\X-Micro Technology Corporation\X-Micro WLAN 11g USB adapter\XMicroWlan.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program\ieSpell\wikipedia.HTM
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~2\OFFICE11\REFIEBAR.DLL
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.spray.se/
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/download/scanner/wlscbase8460.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\Program\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\GAREN~1\LOKALA~1\Temp\hpdj.exe (file missing)
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program\Delade filer\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
Angelfire777
2006-12-31, 09:52
Well, you have it. Nice work:bigthumb:
Congratulations! Your log looks clean!
Configure Windows Xp to hide system files:
Click Start.
Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab.
Under the Hidden files and folders heading, select Do not show hidden files and folders.
Check the Hide protected operating system files option.
Click Yes to confirm.
Click OK.
_______________________
This is a good time to clear your existing system restore points and establish a new clean restore point:
Go to Start > All Programs > Accessories > System Tools > System Restore
Select Create a restore point, and Ok it.
Next, go to Start > Run and type in cleanmgr
Select the More options tab
Choose the option to clean up system restore and OK it.
This will remove all restore points except the new one you just created.
______________________
Here are some free programs I recommend that could help you improve your pc's security.
Adaware
~You can download it from here (http://www.lavasoft.de)
~There is a tutorial on how to use Adaware properly here (http://forums.spywareinfo.com/index.php?showtopic=11150)
Install Spyware Guard
~You can download it from here (http://www.javacoolsoftware.com/spywareguard.html)
~You can read the tutorial on how to use Spyware Guard here (http://www.bleepingcomputer.com/tutorials/tutorial50.html)
Install SpyWare Blaster
~You can download it from here (http://www.javacoolsoftware.com/spywareblaster.html)
~You can read the tutorial on how to use Spyware Blaster here (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
Install WinPatrol
~You can download it from here (http://www.winpatrol.com/download.html)
~You can get some information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Note: Make sure you update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
Please check out Tony Klein's article "How did I get infected in the first place?" (http://castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html)
Happy safe surfing!:laugh:
Thankyou for your excellent help and the time you put in with a some what computer illiterate person.
I will down load your recomendations, and read the manuals so that i hopefully wont need to use your services again...;)
But a quick question before i do manage to get through the reading, is do any of the programs conflict, i.e. will i need to disable some while others are running?
Angelfire777
2007-01-01, 14:16
You're most welcome:D:
No, you don't need to disable anything. These programs work by layers:bigthumb:
Glad we could help, as the problem appears to be resolved this topic has been archived. :bigthumb:
If you need it re-opened please send me or your helper a private message (pm) and provide a link to the thread; this applies only to the original topic starter.
Anyone else with similar problems please start a new topic.