Spybot won't run; spyware/malware activity

S

sociecide

New member
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:25:56 PM, on 5/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\bittorrent.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-117609710-220523388-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-117609710-220523388-839522115-500\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Administrator')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Omega ASIO Control Panel.lnk = C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4907D5BF-232A-43DC-B306-CCB18BEA07EF} (WebCamX Control) - http://98.109.214.5/WebCamX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11078 bytes
 
Hi sociecide

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

uninstall-man.jpg


5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
 
Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6
AIM Toolbar
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
AudibleManager
Babarosa Gif Animator 3.5
Bonjour
CCleaner (remove only)
CoffeeCup GIF Animator
Continuum 0.40
Core Center
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
ERUNT 1.1j
EtherDetect Packet Sniffer v1.4
ffdshow [rev 1909] [2008-03-20]
GoodMEM
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Lexicon Omega Studio(remove only)
LimeWire 4.14.8
LiveUpdate Notice (Symantec Corporation)
Medieval Total War
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft® Winter Fun Pack 2004 for Windows® XP
MSI DigiCell
MSI Live Update 3
Nero 6 Ultra Edition
Norton AntiVirus
Norton PC Checkup
Norton Security Scan
NVIDIA Drivers
NVIDIA nTune
OpenOffice.org Installer 1.0
PasswordKeeper
PlayersOnly Poker
PokerStars
PowerDVD
Quicken 2008
QuickTime
Realtek AC'97 Audio
RedLightCenter
Registry Mechanic 8.0
RunAlyzer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonalksis FreeG Plug-Ins for Windows 1.08
Sonik Synth 2 Free
Sprint media manager
Spybot - Search & Destroy
Spyware Doctor 6.0
Steinberg Cubase LE
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Utherverse 3D Client
Utherverse 3D Client
Viewpoint Media Player
Vio Video Converter 1.0
Voxengo PHA-979 VST 1.2
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.1 beta2
WinRAR archiver
WWAYM - NWBass V1.1
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar
ZENcast Organizer
 
As per forum rules, you will need to uninstall all p2p programs.

Those would be:

BitTorrent DNA
LimeWire 4.14.8

After that, please post back a fresh uninstall list.
 
I'm sorry... I thought I got rid of my p2p programs... guess I didn't get rid of them entirely.

Ad-Aware SE Personal
Adobe Bridge 1.0
Adobe Common File Installer
Adobe Flash Player 10 ActiveX
Adobe Help Center 1.0
Adobe Photoshop CS2
Adobe Reader 8.1.0
Adobe Shockwave Player
Adobe Stock Photos 1.0
AIM 6
AIM Toolbar
AnswerWorks 5.0 English Runtime
Apple Mobile Device Support
Apple Software Update
Athlon 64 Processor Driver
AudibleManager
Babarosa Gif Animator 3.5
Bonjour
CCleaner (remove only)
CoffeeCup GIF Animator
Continuum 0.40
Core Center
Creative MediaSource 5
Creative Removable Disk Manager
Creative System Information
Creative ZEN V Series (R2)
DivX Codec
DivX Converter
DivX Player
DivX Web Player
Download Updater (AOL LLC)
ERUNT 1.1j
EtherDetect Packet Sniffer v1.4
ffdshow [rev 1909] [2008-03-20]
GoodMEM
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
iTunes
J2SE Runtime Environment 5.0 Update 3
Java(TM) 6 Update 13
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Lexicon Omega Studio(remove only)
LiveUpdate Notice (Symantec Corporation)
Medieval Total War
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft® Winter Fun Pack 2004 for Windows® XP
MSI DigiCell
MSI Live Update 3
Nero 6 Ultra Edition
Norton AntiVirus
Norton PC Checkup
Norton Security Scan
NVIDIA Drivers
NVIDIA nTune
OpenOffice.org Installer 1.0
PasswordKeeper
PlayersOnly Poker
PokerStars
PowerDVD
Quicken 2008
QuickTime
Realtek AC'97 Audio
RedLightCenter
Registry Mechanic 8.0
RunAlyzer
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Sonalksis FreeG Plug-Ins for Windows 1.08
Sonik Synth 2 Free
Sprint media manager
Spybot - Search & Destroy
Spyware Doctor 6.0
Steinberg Cubase LE
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Utherverse 3D Client
Utherverse 3D Client
Viewpoint Media Player
Vio Video Converter 1.0
Voxengo PHA-979 VST 1.2
Winamp (remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10 Hotfix - KB895316
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
WinPcap 4.1 beta2
WinRAR archiver
WWAYM - NWBass V1.1
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Music Engine
Yahoo! Toolbar
ZENcast Organizer
 
Please download GMER by GMER. An alternate download site.
  1. Unzip it to a folder on your desktop.
  2. Double click on gmer.exe to execute.
    If asked, allow the gmer.sys driver load.
  3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
    • Click the Scan button.
  5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  6. Open Notepad and paste what you copied. Ctrl+V
  7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

    In the GMER window...
  8. Click on the >>> tab at the top of the GMER window.
    This displays the rest of the "selection" tabs for you.
  9. Click on the Autostart tab.
  10. Click on Scan button.
  11. Once the scan has finished... click Copy.
  12. Open Notepad (again) and paste what you copied. Ctrl+V
  13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in you next reply.
 
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-22 19:27:01
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT 8992E498 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xBA6DD514] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xBA6CC282] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xBA6CC474] <-- ROOTKIT !!!
SSDT 89867D08 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xBA6DDD00] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xBA6DDFB8] <-- ROOTKIT !!!
SSDT 8989E9A0 ZwLoadDriver
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xBA6DC3FA] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xBA6DE422] <-- ROOTKIT !!!
SSDT 899E6300 ZwResumeThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xBA6DD7D8] <-- ROOTKIT !!!
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xBA6CBF32] <-- ROOTKIT !!!

Code 89822F38 ZwEnumerateKey
Code 89A23528 ZwFlushInstructionCache
Code 897BE10E IofCallDriver
Code 897C50D6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE00A 5 Bytes JMP 897BE113
.text ntkrnlpa.exe!IofCompleteRequest 804EE09A 5 Bytes JMP 897C50DB
.text ntkrnlpa.exe!ZwCallbackReturn + 24B0 805013A0 4 Bytes JMP 2C929D2E
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAC4A 5 Bytes JMP 89A2352C
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619752 5 Bytes JMP 89822F3C
? SYMEFA.SYS The system cannot find the file specified. !
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DF0001
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[192] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 012E0001
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[216] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [33, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [2A, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [12, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [18, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [1B, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [15, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [2D, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [21, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [30, 5F]
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C00001
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe[264] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
 
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\nvsvc32.exe[280] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\nvsvc32.exe[280] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00740001
.text C:\WINDOWS\system32\nvsvc32.exe[280] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\nvsvc32.exe[280] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00720001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[308] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[344] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 008E0001
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Viewpoint\Common\ViewpointService.exe[772] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 02F30001
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe[836] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1000] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[1000] KERNEL32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01330001
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[1000] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
 
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1024] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[1024] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01160001
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[1024] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1068] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\services.exe[1068] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00960001
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[1068] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1080] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\lsass.exe[1080] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B00001
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[1080] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1240] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1240] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00A80001
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1240] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1308] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1308] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00B80001
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1308] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1344] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\svchost.exe[1344] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 015B0001
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\System32\svchost.exe[1344] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1380] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1380] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00640001
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1380] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1508] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00640001
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
 
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1592] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1592] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 006D0001
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1592] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1880] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1880] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00CF0001
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[1880] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C10001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1984] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00D60001
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtClose 7C90D586 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtClose + 4 7C90D58A 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateFile 7C90D682 1 Byte [FF]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateFile 7C90D682 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateFile + 4 7C90D686 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateKey 7C90D6D6 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateKey + 4 7C90D6DA 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateSection 7C90D793 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtCreateSection + 4 7C90D797 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtDeleteKey 7C90D8A4 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtDeleteKey + 4 7C90D8A8 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtDeleteValueKey 7C90D8CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtDeleteValueKey + 4 7C90D8D2 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtRenameKey 7C90E339 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtRenameKey + 4 7C90E33D 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtSetInformationFile 7C90E5D9 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtSetInformationFile + 4 7C90E5DD 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtSetValueKey 7C90E7BC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtSetValueKey + 4 7C90E7C0 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtTerminateProcess 7C90E88E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtTerminateProcess + 4 7C90E892 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteFile 7C90E9F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteFile + 4 7C90E9F7 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteFileGather 7C90EA08 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteFileGather + 4 7C90EA0C 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteVirtualMemory 7C90EA32 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] ntdll.dll!NtWriteVirtualMemory + 4 7C90EA36 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DF0001
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\CTsvcCDA.exe[2016] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00EB0001
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe[3124] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3140] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 04050001
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Registry Mechanic\RegMech.exe[3208] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00C40001
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe[3284] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 015D0001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3292] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01F40001
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MSI\DigiCell\DigiCell.exe[3372] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 01AD0001
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\MSI\Core Center\CoreCenter.exe[3420] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] kernel32.dll!VirtualProtect + 1C 7C801AEC 7 Bytes JMP 036E0034
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A1720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A1764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A16AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A16E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A17DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 036E00B8
.text C:\Program Files\Internet Explorer\iexplore.exe[3536] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 036E013F
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 00DD0001
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe[3540] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 06820001
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] USER32.dll!SetWindowPos 7E41C01B 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] USER32.dll!SetWindowPos + 4 7E41C01F 2 Bytes [0B, 5F]
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] USER32.dll!SetForegroundWindow 7E423D4D 6 Bytes JMP 5F040F5A
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] USER32.dll!ChangeDisplaySettingsExA 7E428AE5 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Sprint Instinct Applications\MEMonitor.exe[3932] USER32.dll!ChangeDisplaySettingsExW 7E45938D 6 Bytes JMP 5F100F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0133BCA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0133BC50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01337EA0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01339100
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0133AA10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01339370
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01339180
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0133A010
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0133B950
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0133B990
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0133BD30
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0133B810
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0133A970
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01339930
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 013392E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01339660
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0133C2B0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0133A360
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0133A7D0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0133AE90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0133AC20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0133AE10
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0133B2F0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0133B000
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01339250
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 013397E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0133BA70
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0133AD60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0133A910
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0133A790
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0133AB20
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0133BD50
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0133AB60
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0133BFF0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0133BF90
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0133C1E0
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0133C280
IAT C:\Program Files\Registry Mechanic\RegMech.exe[3208] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0133C0B0

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- Processes - GMER 1.0.15 ----

Library \\?\globalroot\systemroot\system32\gxvxcxcwdnusijonrnffbtdsmyqwlhwtpdcka.dll (*** hidden *** ) @ C:\Program Files\Internet Explorer\iexplore.exe [3536] 0x10000000

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys (*** hidden *** ) [SYSTEM] gxvxcserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcxcwdnusijonrnffbtdsmyqwlhwtpdcka.dll
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@imagepath \systemroot\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcserv \\?\globalroot\systemroot\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys
Reg HKLM\SYSTEM\ControlSet002\Services\gxvxcserv.sys\modules@gxvxcl \\?\globalroot\systemroot\system32\gxvxcxcwdnusijonrnffbtdsmyqwlhwtpdcka.dll
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x46 0x47 0x15 0xB0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x25 0xDA 0xEC 0x7E ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x31 0x77 0xE1 0xBA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x83 0x6C 0x56 0x8B ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0x2A 0xB7 0xCC 0xB5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys 37888 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\gxvxccounter 4 bytes
File C:\WINDOWS\system32\gxvxcxcwdnusijonrnffbtdsmyqwlhwtpdcka.dll 26625 bytes executable

---- EOF - GMER 1.0.15 ----
 
GMER 1.0.15.14972 - http://www.gmer.net
Autostart scan 2009-05-22 19:28:23
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
!SASWinLogon@DLLName = C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
Creative Service for CDROM Access@ = C:\WINDOWS\system32\CTsvcCDA.exe
EraserSvc10910@ = "C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe" /h ccCommon
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
LiveUpdate Notice Service@ = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /m PifEng.dll
Norton AntiVirus@ = "C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe" /s "Norton AntiVirus" /m "C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll" /prefetch:1
nTuneService@ = C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe /StartService /*file not found*/
NVSvc@ = %SystemRoot%\system32\nvsvc32.exe
sdAuxService@ = C:\Program Files\Spyware Doctor\pctsAuxs.exe
sdCoreService@ = C:\Program Files\Spyware Doctor\pctsSvc.exe
Viewpoint Manager Service@ = "C:\Program Files\Viewpoint\Common\ViewpointService.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@Symantec PIF AlertEng"C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" = "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@ISTray"C:\Program Files\Spyware Doctor\pctsTray.exe" = "C:\Program Files\Spyware Doctor\pctsTray.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@KernelFaultCheck%systemroot%\system32\dumprep 0 -k = %systemroot%\system32\dumprep 0 -k
@SunJavaUpdateSched"C:\Program Files\Java\jre6\bin\jusched.exe" = "C:\Program Files\Java\jre6\bin\jusched.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@RegistryMechanicC:\Program Files\Registry Mechanic\RegMech.exe /H /*file not found*/ = C:\Program Files\Registry Mechanic\RegMech.exe /H /*file not found*/
@CTSyncU.exe"C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" = "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
@swgC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
@Aim6 /*file not found*/ = /*file not found*/
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks@{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} = C:\Program Files\SUPERAntiSpyware\SASSEH.DLL

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{A70C977A-BF00-412C-90B7-034C51DA2439} /*NvCpl DesktopContext Class*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{FFB699E0-306A-11d3-8BD1-00104B6F7516} /*Play on my TV helper*/C:\WINDOWS\system32\nvcpl.dll = C:\WINDOWS\system32\nvcpl.dll
@{1CDB2949-8F65-4355-8456-263E7C208A5D} /*Desktop Explorer*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A47} /*Desktop Explorer Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{1E9B04FB-F9E5-4718-997B-B8DA88302A48} /*nView Desktop Context Menu*/C:\WINDOWS\system32\nvshell.dll = C:\WINDOWS\system32\nvshell.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\YMMAPI.dll = C:\Program Files\Yahoo!\Common\YMMAPI.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{24849E2F-0A86-40CD-A62A-B12F161882DB} /*ZEN V Series Media Explorer*/C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll = C:\Program Files\Creative\Creative ZEN V Series (R2)\ZEN V Series Media Explorer\SHCTMTP.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL = C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\Office12\msohevi.dll = C:\Program Files\Microsoft Office\Office12\msohevi.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
SDContextExt@{70F8E90E-353A-47AB-B297-C576345EE693} = C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\NavShExt.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\YMMAPI.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers@{CA8ACAFA-5FBB-467B-B348-90DD488DE003} = C:\Program Files\SUPERAntiSpyware\SASCTXMN.DLL

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
CTMTPMediaExplorer@{7895F317-A125-42CC-BD3E-5830765CE577} = C:\PROGRA~1\Creative\SHARED~1\CtCmeCtx.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
SDContextExt@{70F8E90E-353A-47AB-B297-C576345EE693} = C:\PROGRA~1\SPYWAR~1\SDCONT~1.DLL
Symantec.Norton.Antivirus.IEContextMenu@{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA} = "C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\NavShExt.dll"
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll = C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}C:\Program Files\Yahoo!\Common\yiesrvc.dll = C:\Program Files\Yahoo!\Common\yiesrvc.dll
@{6D53EC84-6AAE-4787-AEEE-F4628F01010C}C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL = C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
@{AA58ED58-01DD-4d91-8333-CF10577473F7}c:\program files\google\googletoolbar2.dll = c:\program files\google\googletoolbar2.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
@{b0cda128-b425-4eef-a174-61a11ac5dbf8}C:\Program Files\AIM Toolbar\aimtb.dll = C:\Program Files\AIM Toolbar\aimtb.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\logon.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://home.microsoft.com/search/search.asp = http://home.microsoft.com/search/search.asp
@Start Pagehttp://www.myspace.com/ = http://www.myspace.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\ITSS.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\ITSS.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\Ridiculous Nicholas\Start Menu\Programs\Startup >>>
Adobe Gamma.lnk = Adobe Gamma.lnk
ERUNT AutoBackup.lnk = ERUNT AutoBackup.lnk
Omega ASIO Control Panel.lnk = Omega ASIO Control Panel.lnk
Sprint media monitor.lnk = Sprint media monitor.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
CoreCenter.lnk = CoreCenter.lnk
DigiCell.lnk = DigiCell.lnk

---- EOF - GMER 1.0.15 ----
 
We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
 
ComboFix 09-05-23.04 - Ridiculous Nicholas 05/24/2009 0:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1693 [GMT -7:00]
Running from: c:\documents and settings\Ridiculous Nicholas\Desktop\ComboFix.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\amlxfnwx.ini
c:\windows\system32\drivers\gxvxctjnqsfondrfqbjhdtkluadlduaeqobgn.sys
c:\windows\system32\esidhoji.ini
c:\windows\system32\gxvxccounter
c:\windows\system32\gxvxcxcwdnusijonrnffbtdsmyqwlhwtpdcka.dll
c:\windows\system32\wl.exe
G:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_GXVXCSERV.SYS


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 22:55 . 2009-05-17 21:24 876144 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\NAVEX15.SYS
2009-05-23 22:55 . 2009-05-17 21:24 89104 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\NAVENG.SYS
2009-05-23 22:55 . 2009-05-17 21:24 371248 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\EECTRL.SYS
2009-05-23 22:55 . 2009-05-17 21:24 101936 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\ERASER.SYS
2009-05-23 22:55 . 2009-05-17 21:24 259368 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\ECMSVR32.DLL
2009-05-23 22:55 . 2009-05-17 21:24 177520 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\NAVENG32.DLL
2009-05-23 22:55 . 2009-05-17 21:24 1181040 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\NAVEX32A.DLL
2009-05-23 22:55 . 2009-05-17 21:24 2414128 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090523.020\CCERASER.DLL
2009-05-22 01:04 . 2009-05-22 01:03 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-22 01:03 . 2009-05-22 01:03 152576 ----a-w c:\documents and settings\Ridiculous Nicholas\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-22 01:00 . 2009-05-22 01:00 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-22 01:00 . 2009-05-22 01:00 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Application Data\SUPERAntiSpyware.com
2009-05-22 00:59 . 2009-05-22 00:59 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-22 00:42 . 2009-05-22 00:43 -------- d-----w c:\program files\CCleaner
2009-05-21 21:13 . 2009-05-21 21:13 -------- d-----w c:\program files\ERUNT
2009-05-21 20:47 . 2009-05-21 22:06 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-21 20:36 . 2009-05-21 20:36 -------- d-----w c:\program files\Safer Networking
2009-05-21 06:20 . 2008-12-11 15:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-21 06:20 . 2009-04-03 18:18 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-21 06:20 . 2008-12-18 19:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-21 06:20 . 2009-05-24 06:56 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-21 06:20 . 2009-05-21 06:21 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-21 06:20 . 2008-12-10 18:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-21 06:20 . 2009-05-22 10:01 -------- d-----w c:\program files\Spyware Doctor
2009-05-21 06:20 . 2009-05-21 06:20 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Application Data\PC Tools
2009-05-21 06:20 . 2009-05-21 06:20 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-21 06:18 . 2009-05-21 06:18 -------- d-----w C:\!KillBox
2009-05-20 08:02 . 2009-05-17 21:24 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSviA64.sys
2009-05-20 08:02 . 2009-05-17 21:24 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSvix86.sys
2009-05-20 08:02 . 2009-05-17 21:24 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys
2009-05-20 08:02 . 2009-05-17 21:24 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSxpx86.dll
2009-05-20 08:02 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\Scxpx86.dll
2009-05-18 04:47 . 2009-05-18 04:47 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-18 03:55 . 2009-05-18 03:55 -------- d-----r c:\program files\Norton Support
2009-05-18 03:55 . 2009-05-18 03:55 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Local Settings\Application Data\Symantec
2009-05-18 01:52 . 2009-05-18 01:52 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Application Data\Uniblue
2009-05-17 23:00 . 2009-04-06 22:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 23:00 . 2009-04-06 22:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 23:00 . 2009-05-18 02:49 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-17 21:31 . 2009-05-17 21:24 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSviA64.sys
2009-05-17 21:31 . 2009-05-17 21:24 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSvix86.sys
2009-05-17 21:31 . 2009-05-17 21:24 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSXpx86.sys
2009-05-17 21:31 . 2009-05-17 21:24 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\IDSxpx86.dll
2009-05-17 21:31 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090508.002\Scxpx86.dll
2009-05-17 21:25 . 2009-05-17 21:24 36400 ----a-r c:\windows\system32\drivers\SymIM.sys
2009-05-17 21:25 . 2009-05-17 21:25 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-05-17 21:25 . 2009-05-17 21:25 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-05-17 21:25 . 2009-05-17 21:25 -------- d-----w c:\program files\Symantec
2009-05-17 21:24 . 2009-05-17 21:24 396848 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvia64.sys
2009-05-17 21:24 . 2009-05-17 21:24 292912 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-05-17 21:24 . 2009-05-17 21:24 276344 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.sys
2009-05-17 21:24 . 2009-05-17 21:24 136840 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\patch25.dll
2009-05-17 21:24 . 2009-05-17 21:24 1290592 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\SyKnAppS\SyKnAppS.dll
2009-05-17 21:24 . 2009-05-17 21:24 447864 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\idsxpx86.dll
2009-05-17 21:24 . 2009-05-17 21:24 796016 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\CLT\cltLMSx.dll
2009-05-17 21:24 . 2009-05-17 21:24 -------- d-----w c:\windows\system32\drivers\NAV
2009-05-17 21:24 . 2009-05-17 21:24 -------- d-----w c:\program files\Windows Sidebar
2009-05-17 21:24 . 2009-05-17 21:24 -------- d-----w c:\program files\NortonInstaller
2009-05-17 02:59 . 2009-05-17 02:59 -------- d-----w c:\documents and settings\Administrator\Application Data\Lavasoft
2009-05-17 02:56 . 2009-05-17 02:56 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Symantec

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-22 08:31 . 2007-12-25 19:34 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Application Data\DNA
2009-05-22 01:03 . 2007-05-17 18:39 -------- d-----w c:\program files\Java
2009-05-22 00:47 . 2007-05-11 16:40 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 21:50 . 2007-12-25 19:34 -------- d-----w c:\program files\DNA
2009-05-21 06:11 . 2009-02-01 08:12 -------- d-----w c:\documents and settings\Ridiculous Nicholas\Application Data\U3
2009-05-18 03:12 . 2007-07-02 02:42 -------- d-----w c:\program files\PokerStars
2009-05-17 21:25 . 2009-05-17 21:25 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-05-17 21:25 . 2009-05-17 21:25 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-05-17 21:24 . 2008-11-20 02:59 -------- d-----w c:\program files\Norton AntiVirus
2009-05-17 20:57 . 2008-11-19 03:03 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-05-17 20:57 . 2007-05-07 00:31 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-05-01 15:44 . 2008-08-24 22:39 -------- d-----w c:\program files\EtherDetect
2009-03-16 20:03 . 2009-03-16 20:03 533880 ----a-w c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryMechanic"="c:\program files\Registry Mechanic\RegMech.exe" [2008-07-09 2828184]
"CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-11-24 68856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" [2007-11-29 583048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-22 5898240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-22 148888]

c:\documents and settings\Ridiculous Nicholas\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Omega ASIO Control Panel.lnk - c:\program files\Lexicon\Omega\Driver\ASIOSysTray.exe [2004-8-11 274432]
Sprint media monitor.lnk - c:\windows\RM.exe [2008-7-21 222552]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
CoreCenter.lnk - c:\program files\MSI\Core Center\CoreCenter.exe [2007-5-6 932864]
DigiCell.lnk - c:\program files\MSI\DigiCell\DigiCell.exe [2007-1-2 1376256]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Engine\\YahooMusicEngine.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/20/2009 11:20 PM 130936]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SymEFA.sys [5/17/2009 2:24 PM 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys [5/17/2009 2:24 PM 258608]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NAV\1005000.086\cchpx86.sys [5/17/2009 2:24 PM 482352]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090513.001\IDSXpx86.sys [5/20/2009 1:02 AM 276344]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/17/2009 2:24 PM 115560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/18/2009 11:38 AM 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/4/2009 12:37 AM 101936]
S2 EraserSvc10910;Symantec Eraser Service;c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [5/17/2009 2:24 PM 115560]
S3 CEUSBAUD;Lexicon USB MIDI Driver1;c:\windows\system32\drivers\ceusbaud.sys [11/5/2003 11:11 AM 17920]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/14/2007 12:40 PM 34448]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/20/2009 11:20 PM 348752]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {4907D5BF-232A-43DC-B306-CCB18BEA07EF} - hxxp://98.109.214.5/WebCamX.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 00:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,26,66,74,03,8f,
77,2f,f5,e2,63,26,f1,3f,c8,ff,68,a6,80,d3,3e,e0,78,82,06,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:46,47,15,b0,92,4b,c7,ef,a5,8a,19,6e,b7,
9f,04,95,6a,9c,d6,61,af,45,84,18,02,b9,eb,f3,f2,df,9f,e2,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,39,ff,b1,34,d5,
28,4d,48,ff,7c,85,e0,43,d4,0e,fe,a2,08,e6,00,02,b5,9b,8f,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,1b,b7,48,62,3e,
9a,4c,30,86,8c,21,01,be,91,eb,e7,1c,5f,4b,23,3d,c0,58,d2,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,8e,6a,47,c0,b9,
f9,25,ab,f5,1d,4d,73,a8,13,5c,05,e0,f6,fe,fb,8f,36,09,42,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,99,f0,be,7b,d5,
b4,e4,e9,df,20,58,62,78,6b,cf,c8,d5,e0,69,8f,e0,fc,d6,c7,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,29,36,40,33,3e,
ed,1a,7c,fb,a7,78,e6,12,2f,9a,ea,3c,a9,fb,5d,75,6c,08,0a,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,c0,9e,80,e3,87,
e6,85,f5,01,3a,48,fc,e8,04,4a,f1,b8,7a,56,4c,46,bd,68,48,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9b,45,d6,5a,f4,
04,db,a4,f6,0f,4e,58,98,5b,89,c9,1a,db,d7,2c,95,11,81,eb,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,63,4d,a7,f8,21,
d8,03,9b,3d,ce,ea,26,2d,45,aa,78,0d,64,3d,d3,9d,0e,49,78,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,40,ca,c3,88,82,
4c,2d,25,2a,b7,cc,b5,b9,7f,41,e7,07,86,0c,92,8b,47,fd,d2,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,88,d1,14,84,36,
fa,eb,36,6c,43,2d,1e,aa,22,2f,9c,2c,f2,8d,30,f3,13,d3,23,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1008)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
Completion time: 2009-05-24 0:34
ComboFix-quarantined-files.txt 2009-05-24 07:34

Pre-Run: 52,481,900,544 bytes free
Post-Run: 53,315,031,040 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

268 --- E O F --- 2008-12-18 11:00
 
I don't think this fixed it because norton antivirus (after the reboot combofix had to to) still came up with a message that there was a backdoor.trojan detected.
 
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:38 AM, on 5/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSI\Core Center\CoreCenter.exe
C:\Program Files\MSI\DigiCell\DigiCell.exe
C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
C:\Program Files\Sprint Instinct Applications\MEMonitor.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/yme/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-117609710-220523388-839522115-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-21-117609710-220523388-839522115-500\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe (User 'Administrator')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O4 - Startup: Omega ASIO Control Panel.lnk = C:\Program Files\Lexicon\Omega\Driver\ASIOSysTray.exe
O4 - Startup: Sprint media monitor.lnk = C:\WINDOWS\RM.exe
O4 - Global Startup: CoreCenter.lnk = C:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: DigiCell.lnk = C:\Program Files\MSI\DigiCell\DigiCell.exe
O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070501/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4907D5BF-232A-43DC-B306-CCB18BEA07EF} (WebCamX Control) - http://98.109.214.5/WebCamX.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JS...f/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Symantec Eraser Service (EraserSvc10910) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifSvc.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11304 bytes
 
I have no idea... I just get a pop up that says norton antivirus has detected backdoor.trojan and it is unable to remove it. I trie to rescan and it fails. when I click on the "help" it points me to a link that pretty much just sends me in a loop. Unable to remove the backdoor.trojan. *sigh* any ideas?
 
You must log in or register to reply here.
Back
Top