Active C:\windows\system32\wijuyira.dll

Discussion in 'Malware and Virus Removal Archive' started by italianp16, 2009/08/28.

  1. 2009/08/28
    italianp16 Inactive Thread Starter
    [Active] C:\windows\system32\wijuyira.dll

    I am in desperate need of help. I have a laptop and every time I start it up I get an error message saying:
    Error loading C:\windows\system32\wijuyira.dll The specified module could not be found.
    It’s making my computer freeze up and really slow when it does work, which is very rarely lately. I searched for it in my computer, in windows system32, but I don’t see it in there. I also found it in the startup commands in the system configuration utility. I unchecked it, which now the error doesn’t come up when I start up, but the computer is still freezing. I googled it and it looks as though it may be a virus or threat or something. I want to see if there is a way of removing this myself. I hope there is someone out there that can help me. I would really appreciate it!
    I have run the DDS, as prompted to, and below is what was returned.

    Thanks in advance!



    DDS (Ver_09-07-30.01) - NTFSx86 NETWORK
    Run by LeAnn at 13:25:13.78 on Fri 08/28/2009
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.689 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\LeAnn\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uStart Page = hxxp://www.aol.com/
    uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
    TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [nah_Shell] c:\documents and settings\leann\nah_claa.exe
    uRun: [RegistryMechanic] c:\program files\registry mechanic\RegMech.exe /H
    uRun: [DelayShred] c:\progra~1\mcafee\mshr\shrcl.exe /p7 /q c:\docume~1\leann\locals~1\temp\tempor~1\content.ie5\wjzyns6z.sh! c:\docume~1\leann\locals~1\temp\tempor~1\content.ie5\p4k7knx1.sh! c:\docume~1\leann\locals~1\temp\tempor~1\content.sh! c:\docume~1\leann\locals~1\temp\TEMPOR~1.SH!
    mRun: [ehTray] c:\windows\ehome\ehtray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe "
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [igfxtray] c:\windows\system32\igfxtray.exe
    mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
    mRun: [igfxpers] c:\windows\system32\igfxpers.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe "
    mRun: [<NO NAME>]
    mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
    mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
    mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
    mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe "
    mRun: [McAfee Backup] "c:\program files\mcafee\mbk\McAfeeDataBackup.exe "
    mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe "
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dlbcserv.lnk - c:\program files\dell photo printer 720\dlbcserv.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247346158625
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
    Notify: GoToAssist - c:\program files\citrix\gotoassist\480\G2AWinLogon.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\windows\system32\yubihimo.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    LSA: Notification Packages = scecli c:\windows\system32\yubihimo.dll

    ============= SERVICES / DRIVERS ===============

    R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-7-17 130936]
    R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-7-17 348752]
    R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-7-17 1097096]
    S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-6-27 214024]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-1-23 210216]
    S2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-1-23 359952]
    S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
    S2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-1-23 144704]
    S3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-1-23 606736]
    S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-1-23 79880]
    S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-1-23 35272]
    S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-1-23 34216]
    S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-1-23 40552]

    =============== Created Last 30 ================

    2009-08-25 21:45 <DIR> --d----- c:\windows\pss
    2009-08-25 19:03 306,688 a------- c:\windows\IsUninst.exe
    2009-08-25 19:03 260 a------- c:\windows\_delis32.ini
    2009-08-20 23:15 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
    2009-08-19 17:14 <DIR> --d----- c:\windows\system32\XPSViewer
    2009-08-19 17:12 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
    2009-08-19 17:12 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
    2009-08-19 17:12 117,760 -------- c:\windows\system32\prntvpt.dll
    2009-08-19 17:12 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
    2009-08-19 17:12 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
    2009-08-19 17:12 1,676,288 -------- c:\windows\system32\xpssvcs.dll
    2009-08-19 17:12 575,488 -------- c:\windows\system32\xpsshhdr.dll
    2009-08-19 17:12 <DIR> --d----- C:\7ecfc4c93730d3f0f6e4568386457f
    2009-08-18 16:30 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
    2009-08-18 16:28 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
    2009-08-17 05:41 <DIR> --d----- C:\0c94e3fe2be3c9deb21b8e0a3d
    2009-08-13 21:50 <DIR> --d----- c:\program files\Rhapsody
    2009-08-05 05:01 204,800 -c------ c:\windows\system32\dllcache\mswebdvd.dll
    2009-08-03 22:36 <DIR> --dsh--- c:\documents and settings\leann\PrivacIE
    2009-08-03 22:30 <DIR> --dsh--- c:\documents and settings\leann\IETldCache
    2009-08-03 22:24 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
    2009-08-03 22:24 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
    2009-08-03 22:24 <DIR> --d----- c:\windows\ie8updates
    2009-08-03 22:23 101,376 -c------ c:\windows\system32\dllcache\iecompat.dll
    2009-08-03 22:16 <DIR> -cd-h--- c:\windows\ie8
    2009-07-31 14:06 284,160 -c------ c:\windows\system32\dllcache\pdh.dll
    2009-07-31 14:06 401,408 -c------ c:\windows\system32\dllcache\rpcss.dll
    2009-07-31 14:06 110,592 -c------ c:\windows\system32\dllcache\services.exe
    2009-07-31 14:05 473,600 -c------ c:\windows\system32\dllcache\fastprox.dll
    2009-07-31 14:05 227,840 -c------ c:\windows\system32\dllcache\wmiprvse.exe
    2009-07-31 14:05 453,120 -c------ c:\windows\system32\dllcache\wmiprvsd.dll
    2009-07-31 14:05 730,112 -c------ c:\windows\system32\dllcache\lsasrv.dll
    2009-07-31 14:05 617,472 -c------ c:\windows\system32\dllcache\advapi32.dll
    2009-07-31 14:05 714,752 -c------ c:\windows\system32\dllcache\ntdll.dll
    2009-07-31 13:58 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
    2009-07-31 13:38 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
    2009-07-31 13:31 2,560 -------- c:\windows\system32\xpsp4res.dll
    2009-07-31 13:31 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
    2009-07-31 13:31 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe

    ==================== Find3M ====================

    2009-08-05 05:01 204,800 a------- c:\windows\system32\mswebdvd.dll
    2009-07-30 17:57 299,158 a------- c:\windows\unins000.dat
    2009-07-30 17:57 702,297 a------- c:\windows\unins000.exe
    2009-07-17 15:01 58,880 a------- c:\windows\system32\atl.dll
    2009-07-13 23:43 286,208 a------- c:\windows\system32\wmpdxm.dll
    2009-07-04 13:52 68,007 a------- c:\windows\system32\rn.tmp
    2009-07-03 16:37 78,336 a------- c:\documents and settings\leann\nah_claa.exe
    2009-07-03 13:09 915,456 a------- c:\windows\system32\wininet.dll
    2009-06-25 04:25 730,112 a------- c:\windows\system32\lsasrv.dll
    2009-06-25 04:25 301,568 a------- c:\windows\system32\kerberos.dll
    2009-06-25 04:25 147,456 a------- c:\windows\system32\schannel.dll
    2009-06-25 04:25 136,192 a------- c:\windows\system32\msv1_0.dll
    2009-06-25 04:25 56,832 a------- c:\windows\system32\secur32.dll
    2009-06-25 04:25 54,272 a------- c:\windows\system32\wdigest.dll
    2009-06-16 10:36 119,808 a------- c:\windows\system32\t2embed.dll
    2009-06-16 10:36 81,920 a------- c:\windows\system32\fontsub.dll
    2009-06-12 08:31 80,896 a------- c:\windows\system32\tlntsess.exe
    2009-06-12 08:31 76,288 a------- c:\windows\system32\telnet.exe
    2009-06-10 10:13 84,992 a------- c:\windows\system32\avifil32.dll
    2009-06-10 09:19 2,066,432 a------- c:\windows\system32\mstscax.dll
    2009-06-10 02:14 132,096 a------- c:\windows\system32\wkssvc.dll
    2009-06-03 15:09 1,291,264 a------- c:\windows\system32\quartz.dll
    2008-10-16 21:05 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008101620081017\index.dat

    ============= FINISH: 13:26:19.68 ===============






    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-07-30.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 10/29/2007 1:57:54 PM
    System Uptime: 8/28/2009 1:13:21 PM (0 hours ago)

    Motherboard: Dell Inc. | | 0WF351
    Processor: Intel(R) Pentium(R) M processor 1.60GHz | Microprocessor | 1595/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 75 GiB total, 32.819 GiB free.
    D: is CDROM ()
    E: is Removable

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP190: 4/19/2009 7:03:26 PM - System Checkpoint
    RP191: 5/14/2009 11:54:48 PM - System Checkpoint
    RP192: 5/16/2009 5:48:50 PM - System Checkpoint
    RP193: 5/18/2009 6:15:00 PM - System Checkpoint
    RP194: 5/21/2009 3:59:47 PM - System Checkpoint
    RP195: 5/25/2009 2:56:24 AM - System Checkpoint
    RP196: 5/30/2009 12:37:07 AM - System Checkpoint
    RP197: 5/31/2009 1:02:59 AM - System Checkpoint
    RP198: 6/1/2009 3:20:24 PM - System Checkpoint
    RP199: 6/3/2009 7:41:00 PM - System Checkpoint
    RP200: 6/14/2009 1:03:11 PM - System Checkpoint
    RP201: 6/15/2009 8:52:56 PM - System Checkpoint
    RP202: 6/17/2009 9:51:45 AM - System Checkpoint
    RP203: 6/18/2009 3:51:48 PM - Installed DirectX
    RP204: 6/18/2009 3:54:54 PM - Installed Nero 8 Essentials
    RP205: 6/18/2009 4:46:40 PM - Removed Nero 8 Essentials
    RP206: 6/18/2009 4:53:12 PM - Removed LightScribe System Software 1.10.16.1.
    RP207: 6/28/2009 10:59:57 AM - System Checkpoint
    RP208: 6/29/2009 3:17:08 PM - System Checkpoint
    RP209: 6/29/2009 4:37:38 PM - Removed Java(TM) 6 Update 3
    RP210: 7/3/2009 10:56:19 AM - System Checkpoint
    RP211: 7/10/2009 5:29:56 PM - System Checkpoint
    RP212: 7/11/2009 6:24:54 PM - System Checkpoint
    RP213: 7/31/2009 4:18:23 PM - System Checkpoint
    RP214: 7/31/2009 4:46:55 PM - Spyware Doctor: Cleaning Threats
    RP215: 8/1/2009 8:06:55 PM - Software Distribution Service 3.0
    RP216: 8/1/2009 10:00:18 PM - Spyware Doctor: Cleaning Threats
    RP217: 8/3/2009 9:56:21 PM - Software Distribution Service 3.0
    RP218: 8/7/2009 12:15:58 PM - System Checkpoint
    RP219: 8/8/2009 8:18:52 PM - System Checkpoint
    RP220: 8/17/2009 5:41:16 AM - Software Distribution Service 3.0
    RP221: 8/19/2009 3:56:30 PM - System Checkpoint
    RP222: 8/19/2009 4:56:50 PM - Software Distribution Service 3.0
    RP223: 8/19/2009 8:45:54 PM - Printer Driver Microsoft XPS Document Writer Installed
    RP224: 8/21/2009 2:20:41 AM - Software Distribution Service 3.0
    RP225: 8/25/2009 6:59:57 PM - Removed Logitech Vid.
    RP226: 8/25/2009 7:06:41 PM - Removed Logitech QuickCam
    RP227: 8/25/2009 7:10:08 PM - Removed Logitech Desktop Messenger
    RP228: 8/25/2009 7:11:30 PM - Spyware Doctor: Cleaning Threats
    RP229: 8/25/2009 7:12:49 PM - Removed Rhapsody Player Engine
    RP230: 8/27/2009 4:48:01 PM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Adobe Acrobat 8 Professional - English, Français, Deutsch
    Adobe Acrobat 8.1.2 Professional
    Adobe Acrobat 8.1.2 Security Update 1 (KB403742)
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Flash Player 10 ActiveX
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player 11.5
    Adobe® Photoshop® Album Starter Edition 3.2
    AOL You've Got Pictures Screensaver
    AutoUpdate
    BitLord 1.1
    Broadcom 440x 10/100 Integrated Controller
    Conexant D110 MDC V.92 Modem
    Coupon Printer for Windows
    Critical Update for Windows Media Player 11 (KB959772)
    Dell Photo Printer 720
    Dell Photo Printer 720 Logger
    Dell Resource CD
    Dell Support Center (Support Software)
    Dell Wireless WLAN Card
    DellSupport
    DivX
    ESPNMotion
    FaxTools
    GemMaster Mystic
    Google Toolbar for Internet Explorer
    GoToAssist 8.0.0.480
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 10 (KB903157)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Intel(R) PROSet/Wireless Software
    Jasc Paint Shop Pro 8 Dell Edition
    Java(TM) 6 Update 7
    McAfee Anti-Theft
    McAfee SecurityCenter
    mCore
    mDriver
    mDrWiFi
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Digital Image Library 9 - Blocker
    Microsoft Digital Image Suite 2006
    Microsoft Digital Image Suite 2006 Editor
    Microsoft Digital Image Suite 2006 Library
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    mIWA
    mLogView
    mMHouse
    Modem Helper
    mPfMgr
    mPfWiz
    mProSafe
    mSSO
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    mWlsSafe
    mWMI
    mXML
    mZConfig
    neroxml
    NVIDIA Drivers
    OpenOffice.org 3.0
    Otto
    QuickTime
    RealPlayer Basic
    Registry Mechanic 8.0
    Roxio Drag-to-Disc
    Roxio Easy Media Creator 9 Suite
    ScreenPrint32 v3.5
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB969679)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB969682)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB936782)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB938464-v2)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    SightSpeed (remove only)
    Sonic Encoders
    Spyware Doctor 6.0
    Synaptics Pointing Device Driver
    Turbo Tax Audit Support Center 2.0
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office Outlook 2007 (KB969907)
    Update for Outlook 2007 Junk Email Filter (kb972691)
    Update for Windows Internet Explorer 8 (KB972636)
    Update for Windows Media Player 10 (KB913800)
    Update for Windows Media Player 10 (KB926251)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB973815)
    Update Rollup 2 for Windows XP Media Center Edition 2005
    VCRedistSetup
    Viewpoint Media Player
    WebFldrs XP
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Media Center Edition 2005 KB925766
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Xingtone Ringtone Maker
    Xvid 1.1.2 final uninstall
    Yahoo! Messenger
    Yahoo! Toolbar

    ==== Event Viewer Messages From Past Week ========

    8/28/2009 1:16:09 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McNASvc with arguments " " in order to run the server: {24F616A1-B755-4053-8018-C3425DC8B68A}
    8/28/2009 1:15:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm mfehidk
    8/28/2009 1:14:50 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    ==== End Of File ===========================
     
  2. 2009/08/28
    broni Moderator Malware Analyst
    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update SUPERAntiSpyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under General and Startup tab, make sure, Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    - Close browsers before scanning.
    - Terminate memory threats before quarantining.

    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    - Click Preferences, then click the Statistics/Logs tab.
    - Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    - If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    - Please copy and paste the Scan Log results in your next reply.

    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Download HijackThis Installer
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2009/09/03
    italianp16

    Requested Logs

    Sorry for the delay...here are the requested logs. Thanks!

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 08/30/2009 at 03:50 PM

    Application Version : 4.27.1002

    Core Rules Database Version : 4076
    Trace Rules Database Version: 2016

    Scan type : Complete Scan
    Total Scan Time : 00:39:43

    Memory items scanned : 388
    Memory threats detected : 0
    Registry items scanned : 7968
    Registry threats detected : 150
    File items scanned : 26310
    File threats detected : 34

    Adware.MyWebSearch
    HKU\S-1-5-21-861567501-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D}
    HKU\S-1-5-21-861567501-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA}
    HKU\S-1-5-21-861567501-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA}

    Adware.Tracking Cookie

    Trojan.Unknown Origin
    HKU\S-1-5-21-861567501-1214440339-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#nah_Shell [ C:\Documents and Settings\LeAnn\nah_claa.exe ]

    Adware.MyWebSearch/FunWebProducts

    Adware.CouponBar
    C:\WINDOWS\SYSTEM32\CPNPRT2.CID
     
  5. 2009/09/03
    italianp16

    Logs Requested

    Malwarebytes' Anti-Malware 1.40
    Database version: 2719
    Windows 5.1.2600 Service Pack 3

    9/3/2009 12:11:06 PM
    mbam-log-2009-09-03 (09-41-34).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 201688
    Time elapsed: 1 hour(s), 38 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 4
    Registry Values Infected: 0
    Registry Data Items Infected: 3
    Folders Infected: 3
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

    Folders Infected:
    C:\Documents and Settings\LeAnn\Application Data\FunWebProducts (Adware.MyWay) -> No action taken.
    C:\Documents and Settings\LeAnn\Application Data\FunWebProducts\Data (Adware.MyWay) -> No action taken.
    C:\Documents and Settings\LeAnn\Application Data\FunWebProducts\Data\LeAnn (Adware.MyWay) -> No action taken.

    Files Infected:
    (No malicious items detected)
     
  6. 2009/09/03
    italianp16

    logs requested #3

    GMER 1.0.15.15077 [ifbcqvs4.exe] - http://www.gmer.net
    Rootkit scan 2009-09-03 11:39:13
    Windows 5.1.2600 Service Pack 3


    ---- System - GMER 1.0.15 ----

    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7273D72]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF72549A6]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7254B98]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7274568]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7274820]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7272A80]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7274C8A]
    SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7274036]
    SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAE590B0]

    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xAAD9B4EC]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateKey [0xAAD9B635]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xAAD9B61F]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xAAD9B52C]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xAAD9B661]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0xAAD9B470]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0xAAD9B484]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xAAD9B500]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryKey [0xAAD9B69D]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xAAD9B609]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwQueryValueKey [0xAAD9B5F3]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0xAAD9B689]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0xAAD9B675]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0xAAD9B4D8]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xAAD9B4C4]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnloadKey [0xAAD9B64B]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xAAD9B542]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xAAD9B516]
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread
    Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwYieldExecution 8050223C 7 Bytes JMP AAD9B51A \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtCreateFile 8056E2FC 5 Bytes JMP AAD9B4F0 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtMapViewOfSection 805A7500 7 Bytes JMP AAD9B530 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805A8316 5 Bytes JMP AAD9B546 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805ADA94 7 Bytes JMP AAD9B504 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP AAD9B474 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP AAD9B488 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP AAD9B4C8 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP AAD9B4DC \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryValueKey 80618568 7 Bytes JMP AAD9B5F7 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwUnloadKey 80618BE0 7 Bytes JMP AAD9B64F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwQueryMultipleValueKey 8061947E 7 Bytes JMP AAD9B60D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 7 Bytes JMP AAD9B639 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey 8061ADDA 3 Bytes JMP AAD9B623 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwEnumerateValueKey + 4 8061ADDE 3 Bytes [2A, 90, 90]
    PAGE ntkrnlpa.exe!ZwQueryKey 8061BA28 7 Bytes JMP AAD9B6A1 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwRestoreKey 8061BCE8 5 Bytes JMP AAD9B679 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwReplaceKey 8061C3DC 5 Bytes JMP AAD9B68D \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    PAGE ntkrnlpa.exe!ZwNotifyChangeKey 8061C4F6 5 Bytes JMP AAD9B665 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    ? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
     
  7. 2009/09/03
    italianp16

    logs requested #3 cont.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\dllhost.exe[308] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FD0FEF
    .text C:\WINDOWS\system32\dllhost.exe[308] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FD0038
    .text C:\WINDOWS\system32\dllhost.exe[308] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FD000C
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00FE0FCA
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00FE006C
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00FE001B
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00FE0000
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00FE0047
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00FE0FEF
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00FE002C
    .text C:\WINDOWS\system32\dllhost.exe[308] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00FE0FAF
    .text C:\WINDOWS\system32\dllhost.exe[308] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\dllhost.exe[308] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\dllhost.exe[308] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00850FEF
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A20001
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\eHome\ehRecvr.exe[312] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehSched.exe[332] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\eHome\ehSched.exe[332] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CF0001
    .text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\eHome\ehSched.exe[332] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B50001
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\McAfee\SiteAdvisor\McSACore.exe[444] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03630001
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[560] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\csrss.exe[608] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\system32\csrss.exe[608] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014D0001
    .text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\csrss.exe[608] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\winlogon.exe[636] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\system32\winlogon.exe[636] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01550001
    .text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\winlogon.exe[636] USER32.dll!SetWindowsHookExA
     
  8. 2009/09/03
    italianp16

    italianp16 Inactive Thread Starter

    logs requested #3 cont. (2)

    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01020F4E
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010200DD
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 010200F8
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0102005E
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01020FDE
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 010200AF
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01020FCD
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0102001E
    .text C:\WINDOWS\system32\services.exe[908] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 01020F5F
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E30036
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E3008E
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E30025
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E3000A
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E30073
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E30FEF
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E30062
    .text C:\WINDOWS\system32\services.exe[908] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E30047
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E20FA1
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E20FB2
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E20011
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E20FEF
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E20022
    .text C:\WINDOWS\system32\services.exe[908] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E20000
    .text C:\WINDOWS\system32\services.exe[908] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\services.exe[908] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\services.exe[908] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E10FE5
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\lsass.exe[920] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C30FE5
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C30071
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C30F7C
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C30056
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C3002F
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C30F9E
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C300A4
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C30093
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C30F2D
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C300C6
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00C30F1C
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00C30F8D
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00C30FD4
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00C30082
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00C30FAF
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\system32\lsass.exe[920] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00C300B5
     
  9. 2009/09/03
    italianp16

    logs requested #3 cont. (3)

    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00C20040
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00C20073
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00C20FE5
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00C2001B
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00C20062
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00C20000
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00C20FC0
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [E2, 88] {LOOP 0xffffffffffffff8a}
    .text C:\WINDOWS\system32\lsass.exe[920] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00C20051
    .text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\lsass.exe[920] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00C10FCA
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!system 77C293C7 5 Bytes JMP 00C10055
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00C1003A
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00C1000C
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00C10FE5
    .text C:\WINDOWS\system32\lsass.exe[920] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00C10029
    .text C:\WINDOWS\system32\lsass.exe[920] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C00FEF
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B60FE5
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B60F83
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B60F94
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B60FA5
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B60062
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B6002C
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B60F30
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B60F41
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B600B5
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B600A4
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B600C6
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B60047
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B60FD4
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B60F5E
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B6001B
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B60000
    .text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B60089
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B50FD4
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B50FB2
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B50025
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B50FE5
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B50FC3
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B50000
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00B50065
    .text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B50040
    .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\svchost.exe[1112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00B40F8B
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!system 77C293C7 5 Bytes JMP 00B40F9C
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00B40FC1
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00B40FEF
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00B4000C
    .text C:\WINDOWS\system32\svchost.exe[1112] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00B40FD2
    .text C:\WINDOWS\system32\svchost.exe[1112] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00B30000
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F30000
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F30F92
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F30087
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F3006C
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F30051
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F30036
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F300B3
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F300A2
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F30F3C
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F300D5
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F300FA
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F30FAF
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F30011
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F30F77
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F30FCA
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F30FDB
    .text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F300C4
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F2001B
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F20F9E
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F20000
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F20FD4
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F2005B
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F20FEF
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00F20FAF
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [12, 89]
    .text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F20036
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F1004E
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F10033
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F10FDE
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F1000C
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F10FCD
    .text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F10FEF
    .text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F00FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\svchost.exe[1220] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02750000
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02750FA3
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02750FB4
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02750098
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0275007D
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02750062
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02750F81
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02750F92
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 027500F5
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 027500E4
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02750106
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02750FDB
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02750011
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 027500B3
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0275003D
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0275002C
    .text C:\WINDOWS\System32\svchost.exe[1220] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02750F66
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02740FD4
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0274005B
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02740025
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02740FE5
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02740040
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02740000
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02740F9E
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [94, 8A]
    .text C:\WINDOWS\System32\svchost.exe[1220] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02740FB9
    .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\System32\svchost.exe[1220] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02730F90
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!system 77C293C7 5 Bytes JMP 02730011
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02730000
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02730FEF
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02730FA1
    .text C:\WINDOWS\System32\svchost.exe[1220] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02730FC6
    .text C:\WINDOWS\System32\svchost.exe[1220] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02720000
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02710FEF
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 0271000A
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02710FD4
    .text C:\WINDOWS\System32\svchost.exe[1220] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02710025
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
     
  10. 2009/09/03
    italianp16

    logs requested cont (4)

    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00650FEF
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00650096
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0065007B
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 0065006A
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00650043
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00650FA1
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006500CE
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00650F86
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0065011F
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00650104
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00650130
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00650028
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00650FDE
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 006500A7
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00650FB2
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00650FCD
    .text C:\WINDOWS\system32\svchost.exe[1260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 006500DF
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00640FC3
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0064004A
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00640FD4
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0064000A
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00640F97
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00640FEF
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0064002F
    .text C:\WINDOWS\system32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00640FA8
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 0063002C
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!system 77C293C7 5 Bytes JMP 00630011
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00630000
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00630FE3
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00630FA1
    .text C:\WINDOWS\system32\svchost.exe[1260] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00630FC6
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe[1356] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 069D0001
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1388] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04EB0001
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[1428] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DB0001
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1440] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06AD0001
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe[1460] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[1544] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0077000A
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00770F7A
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0077006F
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00770F97
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00770FB2
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00770FCD
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00770F4E
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00770F5F
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00770F1F
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 007700C2
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 007700D3
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00770054
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00770FEF
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0077008A
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0077002F
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00770FDE
    .text C:\WINDOWS\system32\svchost.exe[1544] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 007700B1
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00760036
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00760FAF
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00760FEF
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00760025
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00760062
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0076000A
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00760047
    .text C:\WINDOWS\system32\svchost.exe[1544] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00760FCA
    .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\svchost.exe[1544] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00750F86
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!system 77C293C7 5 Bytes JMP 00750011
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00750FAB
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00750FEF
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00750000
    .text C:\WINDOWS\system32\svchost.exe[1544] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00750FC6
    .text C:\WINDOWS\system32\svchost.exe[1544] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00740FEF
     
  11. 2009/09/03
    italianp16

    logs requested (5)

     
  12. 2009/09/03
    italianp16

    logs requested cont (6)

    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[2260] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F4D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0026004C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F72
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0026007A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260069
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00260095
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F06
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 002600A6
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260025
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F32
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260F17
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 0035002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350011
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350062
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350051
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360058
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036002C
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360000
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360047
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360011
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02010FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02010FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02010FCD
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 0201001E
    .text C:\Program Files\Internet Explorer\iexplore.exe[2356] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02C80FEF
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001
    .text C:\WINDOWS\ehome\ehtray.exe[2448] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\ehome\ehtray.exe[2448] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E90001
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe[2464] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C10001
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2544] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Spyware Doctor\pctsAuxs.exe[2736] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Spyware Doctor\pctsSvc.exe[2772] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
     
  13. 2009/09/03
    italianp16

    logs requested cont (7)

    .text C:\WINDOWS\system32\WLTRAY.exe[2780] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CC0001
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\WLTRAY.exe[2780] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2856] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[2984] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[3032] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
    .text C:\WINDOWS\system32\hkcmd.exe[3068] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\hkcmd.exe[3068] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003C0001
    .text C:\WINDOWS\system32\igfxpers.exe[3076] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\system32\igfxpers.exe[3076] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C00001
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3112] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell Support Center\bin\sprtcmd.exe[3152] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
     
  14. 2009/09/03
    italianp16

    logs requested cont (8)

     
  15. 2009/09/03
    italianp16

    logs requested cont (9)

    .text C:\WINDOWS\system32\svchost.exe[3724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\svchost.exe[3724] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0000
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A009F
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A008E
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A0FAA
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0073
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0058
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A0F72
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A00BA
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A00F0
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F57
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A0101
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A0FD1
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A001B
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F8F
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A003D
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A002C
    .text C:\WINDOWS\system32\svchost.exe[3724] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00D5
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FB6
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00290F6F
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00290011
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00290000
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290F80
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00290FE5
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 0029002C
    .text C:\WINDOWS\system32\svchost.exe[3724] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290F9B
    .text C:\WINDOWS\system32\svchost.exe[3724] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\system32\svchost.exe[3724] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 003E0025
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!system 77C293C7 5 Bytes JMP 003E0F9A
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 003E0FC6
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!_open 77C2F566 5 Bytes JMP 003E0000
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 003E0FAB
    .text C:\WINDOWS\system32\svchost.exe[3724] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 003E0FD7
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006B0001
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\ehome\mcrdsvc.exe[3844] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[3980] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 001A0FEF
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001A0F81
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 001A0F92
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 001A006C
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 001A0FB9
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 001A0040
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 001A00AE
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 001A009D
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001A0F30
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 001A0F4B
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 001A00DA
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 001A005B
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 001A0FD4
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 001A0F66
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 001A0025
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 001A000A
    .text C:\WINDOWS\Explorer.EXE[3980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 001A00C9
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00290FDB
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 0029006C
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 0029002C
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 0029001B
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00290FB9
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 0029000A
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00290FCA
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [49, 88]
    .text C:\WINDOWS\Explorer.EXE[3980] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00290047
    .text C:\WINDOWS\Explorer.EXE[3980] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\WINDOWS\Explorer.EXE[3980] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 002A0FBE
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!system 77C293C7 5 Bytes JMP 002A0049
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 002A002E
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!_open 77C2F566 5 Bytes JMP 002A0000
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 002A0FD9
    .text C:\WINDOWS\Explorer.EXE[3980] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 002A001D
    .text C:\WINDOWS\Explorer.EXE[3980] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 002C0FEF
    .text C:\WINDOWS\Explorer.EXE[3980] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 002C0FDE
    .text C:\WINDOWS\Explorer.EXE[3980] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 002C0FCD
    .text C:\WINDOWS\Explorer.EXE[3980] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 002C001E
    .text C:\WINDOWS\Explorer.EXE[3980] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01FB0FE5
     
  16. 2009/09/03
    italianp16 Inactive Thread Starter

    Joined:
    2009/08/28
    Messages:
    16
    Likes Received:
    0
    logs requested cont (10)

    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F3C0F5A
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F350F5A
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [3A, 5F]
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\eHome\ehmsas.exe[4660] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F3F0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F66
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260F77
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00260051
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260036
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00260F2E
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00260076
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 002600AC
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260F13
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260EF8
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00260F4B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 0026001B
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 0026000A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00260091
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350025
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350065
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350014
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350054
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00350FB2
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [55, 88]
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FAF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036003A
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!_open 77C2F566 5 Bytes JMP 0036000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00360029
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 00980FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 00980FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 00980014
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 00980FC3
    .text C:\Program Files\Internet Explorer\iexplore.exe[4900] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01D20FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2D, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [18, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [24, 5F] {AND AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0C, 5F] {OR AL, 0x5f}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [12, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [15, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [21, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0F, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [27, 5F] {DAA ; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1B, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [2A, 5F]
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00260000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00260F8D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00260082
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00260F9E
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0026005B
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00260025
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 002600D5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 002600AE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 0026011C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00260101
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00260F68
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00260036
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00260FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0026009D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00260FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00260FDE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 002600E6
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00350FCA
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00350F94
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00350011
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00350FDB
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00350FA5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00350000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00350047
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00350036
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2151FD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F330F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DCB69 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2ED3AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E2543F6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2F0F5A
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E3C10 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E3B42 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E3BAD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E3A13 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E3A75 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E3C73 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E3AD7 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00360FAD
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!system 77C293C7 5 Bytes JMP 00360FBE
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 0036001D
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00360FEF
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00360038
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 0036000C
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 3E2ED408 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ole32.dll!OleLoadFromStream 77529C85 5 Bytes JMP 3E3E3F78 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] WININET.dll!InternetOpenA 3D95D688 5 Bytes JMP 02000FE5
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] WININET.dll!InternetOpenW 3D95DB01 5 Bytes JMP 02000000
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] WININET.dll!InternetOpenUrlA 3D95F39C 5 Bytes JMP 02000FD4
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] WININET.dll!InternetOpenUrlW 3D9A6F37 5 Bytes JMP 02000FB9
    .text C:\Program Files\Internet Explorer\iexplore.exe[5212] ws2_32.dll!socket 71AB4211 5 Bytes JMP 02C80000
     
  17. 2009/09/03
    italianp16

    logs requested #3 cont (11)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[216] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\services.exe[908] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\lsass.exe[920] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1112] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1180] @ c:\windows\system32\rpcss.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ c:\windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\System32\svchost.exe[1220] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1260] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1544] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[1660] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[2356] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\system32\svchost.exe[3724] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\WINDOWS\Explorer.EXE[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[4900] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [451F1ACB] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] 5F080000
    IAT C:\Program Files\Internet Explorer\iexplore.exe[5212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 5F080000

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

    ---- EOF - GMER 1.0.15 ----
     
  18. 2009/09/03
    italianp16

    requested log #4

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:43:22 AM, on 9/3/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\WLTRYSVC.EXE
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\Explorer.EXE
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\WLTRAY.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe "
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe "
    O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [McPvTray] C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe "
    O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe "
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
    O4 - HKCU\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\DOCUME~1\leann\LOCALS~1\temp\TEMPOR~1\Content.IE5\WJZYNS6Z.SH! c:\DOCUME~1\leann\LOCALS~1\temp\TEMPOR~1\Content.IE5\P4K7KNX1.SH! c:\DOCUME~1\leann\LOCALS~1\temp\TEMPOR~1\Content.SH! c:\DOCUME~1\leann\LOCALS~1\temp\TEMPOR~1.SH!
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKUS\S-1-5-21-861567501-1214440339-725345543-500\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup (User 'Administrator')
    O4 - HKUS\S-1-5-21-861567501-1214440339-725345543-500\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
    O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247346158625
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O20 - AppInit_DLLs: C:\WINDOWS\system32\yubihimo.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: MBackMonitor - McAfee - C:\Program Files\McAfee\MBK\MBackMonitor.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Common Files\Sonic Shared\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

    --
    End of file - 13550 bytes
     
  19. 2009/09/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Malwarebytes log shows "No action taken" after each line.
    You need to either post the correct log (after the fixes), or re-run 'Bytes.
     
