Redirected to different websites when click on links
   

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
   Posted 10-24-2009 12:59 (GMT +1)
I keep getting re-directed to different websites whenever I click on links and a new "FakeAlertDZ" virus keeps popping up in my On-Access scan messages. Here's my HijackThis log, and any help would be appreciated.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:56:03 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M285-E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10364 bytes
 

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 925
 
   Posted 10-24-2009 2:11 (GMT +1)
Welcome to BG forums mgao29,


Not seeing the malware here, though I don't doubt it is there. Let's get some different views first.


To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs.


Download RSIT (random's system information tool) from here to your desktop. Then click on the RSIT.exe to open the RSIT display, and click the Continue button.

If necessary allow it to locate or download a copy of HijackThis as needed.

Once the scan completes a textbox will open - copy/paste those contents here for review please. The log can also be found at C:\rsit\log.txt.

RSIT will also create a second log, info.txt, which will be minimized to your taskbar. Post that here as well please (it will also be stored at C:\rsit\info.txt).

You can break logs into parts and use separate posts here when replying and posting the log files, if needed.

--------------

Also click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


If on its opening scan Gmer locates items shown in red or indicates "hidden" or "rootkit", stop there, and click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please. We don't want any crashes just from taking an initial look at things.

If not, then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.


Click here and help my friend help stop leukemia, lymphoma, Hodgkin lymphoma and myeloma from taking more lives.

 

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
   Posted 10-24-2009 2:19 (GMT +1)
RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Maria_2 at 2009-10-23 20:15:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 40 GB (56%) free of 70 GB
Total RAM: 1014 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:15:27 PM, on 10/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Maria_2\Desktop\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Maria_2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Professional&Br=GTW&Loc=ENG_US&Sys=PTB&M=M285-E
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe
O4 - HKLM\..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [Snippet] "C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe" /i
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [TabletWizard] %windir%\help\wizard.hta (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Threat Expert Ltd. - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 10255 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 2.job
C:\WINDOWS\tasks\ISP signup reminder 3.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll [2009-01-27 58688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll [2009-09-19 762864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-07-25 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-07-25 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll [2009-10-08 395216]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"=C:\WINDOWS\help\SplshWrp.exe [2008-04-13 16384]
"TabletTip"=C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe [2008-04-13 271872]
"RemoteControl"=C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2005-01-12 32768]
"SynTPLpr"=C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [2004-11-05 98394]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2004-11-05 688218]
"Reminder"=C:\WINDOWS\Creator\Remind_XP.exe [2005-02-25 966656]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2005-10-12 139264]
"Snippet"=C:\Program Files\Microsoft Experience Pack\Snipping Tool\SnippingTool.exe [2005-02-25 68296]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-02-13 282624]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-01-20 544768]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-11-28 98304]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-11-28 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-11-28 118784]
"IntelZeroConfig"=C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [2005-12-28 667718]
"IntelWireless"=C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [2005-12-28 602182]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-01-27 111952]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-11-04 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-11-20 290088]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-07-25 149280]
"SpyHunter Security Suite"=C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe [2009-09-30 866200]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-12 68856]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-10-22 2000112]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\Maria_2\Start Menu\Programs\Startup
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL [2009-10-22 548352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-11-28 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\loginkey]
C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll [2008-04-13 47104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\TabBtnWL]
C:\WINDOWS\system32\TabBtnWL.dll [2002-08-29 11776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\tpgwlnotify]
C:\WINDOWS\system32\tpgwlnot.dll [2008-04-13 32256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableProfileQuota"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe"="C:\Program Files\CambridgeSoft\ChemOffice2008\ChemDraw\ChemDraw.exe:*:Enabled:ChemDraw Ultra 11.0.1"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24f8aa15-c180-11db-94dd-806d6172696f}]
shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480


======List of files/folders created in the last 1 months======

2009-10-23 20:15:21 ----D---- C:\rsit
2009-10-23 19:05:13 ----D---- C:\Program Files\Enigma Software Group
2009-10-23 17:04:53 ----D---- C:\Documents and Settings\Maria_2\Application Data\AVG8
2009-10-22 17:08:45 ----A---- C:\WINDOWS\BDTSupport.dll
2009-10-22 17:08:44 ----A---- C:\WINDOWS\SGDetectionTool.dll
2009-10-22 17:08:44 ----A---- C:\WINDOWS\PCTBDRes.dll
2009-10-22 17:08:44 ----A---- C:\WINDOWS\PCTBDCore.dll
2009-10-22 17:05:53 ----D---- C:\Program Files\Common Files\PC Tools
2009-10-22 17:05:52 ----D---- C:\Program Files\Spyware Doctor
2009-10-22 17:05:52 ----D---- C:\Documents and Settings\Maria_2\Application Data\PC Tools
2009-10-22 17:05:52 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-10-22 00:31:33 ----D---- C:\Program Files\ESET
2009-10-13 21:11:21 ----HDC---- C:\WINDOWS\$NtUninstallKB958869$
2009-10-13 19:04:25 ----HDC---- C:\WINDOWS\$NtUninstallKB969059$
2009-10-13 19:04:15 ----HDC---- C:\WINDOWS\$NtUninstallKB954155_WM9$
2009-10-13 19:04:08 ----HDC---- C:\WINDOWS\$NtUninstallKB974112$
2009-10-13 19:03:57 ----HDC---- C:\WINDOWS\$NtUninstallKB975025$
2009-10-13 19:03:38 ----HDC---- C:\WINDOWS\$NtUninstallKB974571$
2009-10-13 19:02:16 ----HDC---- C:\WINDOWS\$NtUninstallKB971486$
2009-10-13 19:01:52 ----HDC---- C:\WINDOWS\$NtUninstallKB973525$
2009-10-13 19:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB953295$
2009-10-13 19:00:34 ----HDC---- C:\WINDOWS\$NtUninstallKB975467$

======List of files/folders modified in the last 1 months======

2009-10-23 20:15:20 ----D---- C:\WINDOWS\Temp
2009-10-23 20:15:11 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-10-23 20:10:19 ----D---- C:\QUARANTINE
2009-10-23 19:21:22 ----D---- C:\Program Files\Mozilla Firefox
2009-10-23 19:05:19 ----D---- C:\WINDOWS\system32
2009-10-23 19:05:13 ----RD---- C:\Program Files
2009-10-23 18:45:27 ----D---- C:\WINDOWS\Prefetch
2009-10-23 18:41:44 ----D---- C:\WINDOWS
2009-10-23 18:39:52 ----A---- C:\WINDOWS\ntbtlog.txt
2009-10-23 18:39:37 ----D---- C:\WINDOWS\system32\CatRoot2
2009-10-23 17:41:47 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-10-23 17:22:17 ----D---- C:\WINDOWS\system32\drivers
2009-10-23 17:22:16 ----D---- C:\Program Files\AVG
2009-10-23 17:21:55 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-10-22 17:38:30 ----SHD---- C:\WINDOWS\Installer
2009-10-22 17:38:29 ----D---- C:\WINDOWS\WinSxS
2009-10-22 17:31:16 ----D---- C:\Program Files\SUPERAntiSpyware
2009-10-22 17:05:53 ----D---- C:\Program Files\Common Files
2009-10-22 00:36:50 ----D---- C:\Avenger
2009-10-21 21:40:12 ----D---- C:\WINDOWS\system32\config
2009-10-21 21:39:41 ----D---- C:\WINDOWS\system32\wbem
2009-10-21 21:39:39 ----D---- C:\WINDOWS\Registration
2009-10-21 20:55:56 ----D---- C:\Program Files\CleanUp!
2009-10-13 21:36:08 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-10-13 21:25:48 ----RSD---- C:\WINDOWS\assembly
2009-10-13 21:22:14 ----D---- C:\WINDOWS\Microsoft.Net
2009-10-13 21:17:31 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-10-13 21:12:12 ----HD---- C:\WINDOWS\inf
2009-10-13 21:11:59 ----D---- C:\Program Files\Internet Explorer
2009-10-13 21:11:35 ----HD---- C:\WINDOWS\$hf_mig$
2009-10-13 21:11:32 ----A---- C:\WINDOWS\imsins.BAK
2009-10-11 13:59:39 ----D---- C:\Documents and Settings\Maria_2\Application Data\Move Networks
2009-10-02 13:01:57 ----A---- C:\WINDOWS\system32\MRT.exe
2009-10-01 16:48:58 ----D---- C:\WINDOWS\Help

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
R1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-01-27 52168]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.9.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2007-02-21 21275]
R2 CVPNDRVA;Cisco Systems Inc. IPSec Driver; \??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys []
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2005-12-28 13568]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-13 13952]
R3 DNE;Deterministic Network Enhancer Miniport; C:\WINDOWS\system32\DRIVERS\dne2000.sys [2006-10-02 126864]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2005-09-14 179200]
R3 FinePnt;FinePoint Innovations HID Driver; C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys [2005-07-06 17280]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-11-28 1353820]
R3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-01-27 65000]
R3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-01-27 73512]
R3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-01-27 34408]
R3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-01-27 177864]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 MSTabBtn;Tablet PC Buttons HID Driver; C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys [2005-07-26 9600]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
R3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-02-13 1106888]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2004-11-05 185824]
R3 tifm21;tifm21; C:\WINDOWS\system32\drivers\tifm21.sys [2005-09-20 162432]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2005-12-05 1428096]
S3 CVirtA;Cisco Systems VPN Adapter; C:\WINDOWS\system32\DRIVERS\CVirtA.sys [2005-05-17 5315]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver; C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 69692]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-13 79232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2008-11-07 32000]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 vsdatant;vsdatant; \??\C:\WINDOWS\system32\vsdatant.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-06-03 611664]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-11-07 132424]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe [2009-10-08 112592]
R2 CVPND;Cisco Systems, Inc. VPN Service; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [2006-11-10 1504304]
R2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [2005-12-28 114753]
R2 IAANTMon;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe [2005-10-12 86140]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-07-25 153376]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
R2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2009-01-27 144704]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-01-27 54608]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2007-02-21 196608]
R2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [2005-12-28 217164]
R2 S24EventMonitor;Intel(R) PROSet/Wireless Service; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [2005-12-28 540745]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-11-20 536872]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-05 137200]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2009-09-23 358600]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2009-09-23 1141200]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-24-2009 2:20 (GMT +1)
RSIT info:

info.txt logfile of random's system information tool 1.06 2009-10-23 20:15:30

======Uninstall list======

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Professional-->C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player 9 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 7.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agilix GoBinder Lite-->MsiExec.exe /I{5E71102C-2CEB-4C8B-99D3-D33B9741EEDA}
Apple Mobile Device Support-->MsiExec.exe /I{EC4455AB-F155-4CC1-A4C5-88F3777F9886}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
Browser Address Error Redirector-->regsvr32 /u /s "c:\windows\system32\BAE.dll"
Browser Defender 2.0.6.10-->"C:\Program Files\Spyware Doctor\BDT\unins000.exe"
CambridgeSoft Activation Client-->MsiExec.exe /I{863F58EF-467F-4BCC-A40B-D2304630DEA1}
CambridgeSoft ChemDraw Ultra 11.0-->C:\Program Files\InstallShield Installation Information\{5E971881-1924-48D1-9C16-AB7AD61FEFF3}\setup.exe -runfromtemp -l0x0409
Chinese (Simplified) Language Support-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\cn.inf, Uninstall
Cisco Systems VPN Client 4.8.02.0010-->MsiExec.exe /X{176130BC-99A1-41FE-A78B-56045E33AD70}
CleanUp!-->C:\Program Files\CleanUp!\uninstall.exe
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DVD Solution-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_0531C63A913CC9D1.exe" /uninstall
gtw_logo-->C:\WINDOWS\system32\gtw_logo.scr /UNINSTALL "C:\WINDOWS\system32\gtw_logo.log"
High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"
Ink Art-->MsiExec.exe /I{1FBEE61B-F90E-4EE3-AE94-FCB8BD6EC443}
Intel Matrix Storage Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Setup.exe" -l0409 -INTELUNINST
Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
Intel(R) PRO Network Connections Drivers-->Prounstl.exe
Intel(R) PROSet/Wireless Software-->C:\WINDOWS\Installer\iProInst.exe
InterActual Player-->C:\Program Files\InterActual\InterActual Player\inuninst.exe
iTunes-->MsiExec.exe /I{318AB667-3230-41B5-A617-CB3BF748D371}
Java 2 Runtime Environment, SE v1.4.2-->MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142000}
Java(TM) 6 Update 15-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216013FF}
LiveReg (Symantec Corporation)-->C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe /REMOVE
LiveUpdate 2.6 (Symantec Corporation)-->C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Malwarebytes' Anti-Malware-->"C:\Program Files\Maria\unins000.exe"
McAfee AntiSpyware Enterprise Module-->"C:\Program Files\McAfee\VirusScan Enterprise\scan32.exe" /UninstallMAS
McAfee VirusScan Enterprise-->MsiExec.exe /I{35C03C04-3F1F-42C2-A989-A757EE691F65}
mCore-->MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
mDriver-->MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi-->MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
MestReC 4.7.0-->"C:\Program Files\MestRe-C\unins000.exe"
mHelp-->MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"
Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Education Pack for Windows XP Tablet PC Edition-->MsiExec.exe /I{40FFC202-F842-44C7-ACBE-8B0EA690B1A3}
Microsoft Energy Blue Theme Pack-->MsiExec.exe /I{FA7314E7-9428-4866-80A8-762A538444DB}
Microsoft Experience Pack for Tablet PC-->MsiExec.exe /I{C12EB29D-9D64-4ACA-84C2-33D8729AABD3}
Microsoft Ink Crossword-->MsiExec.exe /I{1759CACC-6CF9-4C3C-92C5-39668679AB17}
Microsoft Ink Desktop-->MsiExec.exe /I{0759CACC-6CF9-4C3C-92C5-39668679AB16}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Media Transfer-->MsiExec.exe /X{F6C2D09F-6C82-48BB-A9D5-6A0478F52BD6}
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office OneNote 2003-->MsiExec.exe /I{91A10409-6000-11D3-8CFE-0150048383C9}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Snipping Tool 2.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8853C080-7F5C-4020-B663-C57FE29BB858}\setup.exe" -l0x9 -removeonly
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIWA-->MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView-->MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse-->MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motorola SM56 Data Fax Modem-->rundll32.exe sm56co.dll,SM56UnInstaller
Mozilla Firefox (3.0.14)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
mPfMgr-->MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz-->MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe-->MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
mWlsSafe-->MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mXML-->MsiExec.exe /I{9CC89556-3578-48DD-8408-04E66EBEF401}
mZConfig-->MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
Power2Go 4.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerExes Pack 1.2-->"C:\Program Files\PowerExes Pack\unins000.exe"
QuickTime-->MsiExec.exe /I{F958CA02-BB40-4007-894B-258729456EE4}
Security Update for Windows Internet Explorer 7 (KB933566)-->"C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB937143)-->"C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB939653)-->"C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB911565)-->"C:\WINDOWS\$NtUninstallKB911565$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"
Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"
Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"
Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)-->MsiExec.exe /X{64F3B15C-24C7-4B2B-9B72-65CCBBD7F06B}
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SpyHunter-->"C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Spyware Doctor 7.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
SUPERAntiSpyware Free Edition-->MsiExec.exe /X{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tablet PC Tutorials for Microsoft Windows XP SP2-->MsiExec.exe /X{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinPhlash-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Phoenix Technologies Ltd\WinPhlash\Uninst.isu"
Wolfram Mathematica 7 for Students (M-WIN-G 7.0.1 1213989)-->"C:\Program Files\Wolfram Research\Mathematica\7.0\SystemFiles\UninstallFiles\Windows\unins000.exe"
Wolfram Notebook Indexer 2.0-->MsiExec.exe /I{FB9607C0-17B8-42B8-BB99-A1C9F7038363}

======Hosts File======

127.0.0.1 localhost

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise

======System event log======

Computer Name: GAO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302391579. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 19071
Source Name: Dhcp
Time Written: 20090818231628.000000-300
Event Type: warning
User:

Computer Name: GAO
Event Code: 1000
Message: Your computer has lost the lease to its IP address 172.16.1.35 on the
Network Card with network address 001302391579.

Record Number: 19033
Source Name: Dhcp
Time Written: 20090818123151.000000-300
Event Type: error
User:

Computer Name: GAO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302391579. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 19032
Source Name: Dhcp
Time Written: 20090818123151.000000-300
Event Type: warning
User:

Computer Name: GAO
Event Code: 1000
Message: Your computer has lost the lease to its IP address 172.16.1.33 on the
Network Card with network address 001302391579.

Record Number: 19000
Source Name: Dhcp
Time Written: 20090817235109.000000-300
Event Type: error
User:

Computer Name: GAO
Event Code: 1003
Message: Your computer was not able to renew its address from the network (from the
DHCP Server) for the Network Card with network address 001302391579. The following
error occurred:
The semaphore timeout period has expired.
.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.

Record Number: 18999
Source Name: Dhcp
Time Written: 20090817235109.000000-300
Event Type: warning
User:

=====Application event log=====

Computer Name: GAO
Event Code: 1000
Message: Faulting application acrord32.exe, version 7.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x2400766b.

Record Number: 5025
Source Name: Application Error
Time Written: 20090303211808.000000-360
Event Type: error
User:

Computer Name: GAO
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5019
Source Name: Application Hang
Time Written: 20090302185524.000000-360
Event Type: error
User:

Computer Name: GAO
Event Code: 1002
Message: Hanging application firefox.exe, version 1.9.0.3306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5018
Source Name: Application Hang
Time Written: 20090302183202.000000-360
Event Type: error
User:

Computer Name: GAO
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5014
Source Name: Application Hang
Time Written: 20090301213239.000000-360
Event Type: error
User:

Computer Name: GAO
Event Code: 1002
Message: Hanging application WINWORD.EXE, version 10.0.2627.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 5013
Source Name: Application Hang
Time Written: 20090301201815.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
"PROCESSOR_REVISION"=0e08
"NUMBER_OF_PROCESSORS"=2
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\j2re1.4.2\lib\ext\QTJava.zip

-----------------EOF-----------------

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-24-2009 2:47 (GMT +1)
About how long is the gmer scan supposed to take?

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-24-2009 4:25 (GMT +1)
And here's the gmer scan. Also, I don't know if this helps any, but it says the deleted viruses were in my c:\windows\temp file and were used by the svchost.exe application.

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-23 22:22:20
Windows 5.1.2600 Service Pack 3
Running: 5wgbty6q.exe; Driver: C:\DOCUME~1\Maria_2\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7367E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7348CDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7348ECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7368610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF73688C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7366B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7368D30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF73680E2]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0x9B2330B0]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[160] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01890001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[216] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01230001
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[248] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\WINDOWS\system32\svchost.exe[288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\stsystra.exe[392] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01B90001
.text C:\WINDOWS\stsystra.exe[392] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\stsystra.exe[392] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\stsystra.exe[392] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\stsystra.exe[392] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\stsystra.exe[392] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\WINDOWS\sm56hlpr.exe[412] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013F0001
.text C:\WINDOWS\sm56hlpr.exe[412] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\sm56hlpr.exe[412] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\sm56hlpr.exe[412] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\sm56hlpr.exe[412] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\sm56hlpr.exe[412] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03B80001
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe[428] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\WINDOWS\system32\hkcmd.exe[456] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01780001
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[456] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D40001
.text C:\WINDOWS\system32\igfxpers.exe[552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01900001
.text C:\WINDOWS\system32\igfxpers.exe[552] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\igfxpers.exe[552] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\igfxpers.exe[552] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[552] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[552] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EE0001
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] kernel32.dll!LoadLibraryExW + C4 7C801BB9 2 Bytes CALL 01810001
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] kernel32.dll!LoadLibraryExW + C7 7C801BBC 1 Byte [85]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[604] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01580001
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0CAB0001
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F360F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [34, 5F] {XOR AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[628] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F390F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01840001
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[692] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01E60001
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[708] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01CD0001
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\McAfee\Common Framework\UdaterUI.exe[744] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01890001
.text C:\Program Files\iTunes\iTunesHelper.exe[808] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[808] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[808] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[808] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\iTunes\iTunesHelper.exe[808] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Java\jre6\bin\jusched.exe[876] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01720001
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[924] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe[964] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C70001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[972] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe[988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01310001
.text C:\Program Files\Messenger\msmsgs.exe[1028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001
.text C:\Program Files\Messenger\msmsgs.exe[1028] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Messenger\msmsgs.exe[1028] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Messenger\msmsgs.exe[1028] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Messenger\msmsgs.exe[1028] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Messenger\msmsgs.exe[1028] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe[1052] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01660001
.text C:\WINDOWS\System32\alg.exe[1140] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B70001
.text C:\WINDOWS\System32\alg.exe[1140] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[1140] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\System32\alg.exe[1140] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1140] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[1140] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\tabbtnu.exe[1156] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
.text C:\WINDOWS\System32\tabbtnu.exe[1156] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\System32\tabbtnu.exe[1156] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\tabbtnu.exe[1156] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tabbtnu.exe[1156] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\System32\tabbtnu.exe[1156] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017D0001
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[1240] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\McAfee\Common Framework\FrameworkService.exe[1252] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 023A0001
.text C:\WINDOWS\system32\csrss.exe[1268] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 019D0001
.text C:\WINDOWS\system32\winlogon.exe[1292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01410001
.text C:\WINDOWS\system32\services.exe[1340] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\lsass.exe[1352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01500001
.text ...
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1392] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1392] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1392] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1392] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1392] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02330001
.text C:\WINDOWS\system32\svchost.exe[1528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F30001
.text C:\WINDOWS\Explorer.EXE[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02BF0001
.text C:\WINDOWS\system32\svchost.exe[1628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01430001
.text C:\WINDOWS\System32\svchost.exe[1672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
.text ...
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[2028] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[2152] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 018B0001
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[2320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Program Files\iPod\bin\iPodService.exe[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008A0001
.text C:\Program Files\iPod\bin\iPodService.exe[2492] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2492] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2492] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[2492] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[2492] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F350F5A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [33, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[2504] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F380F5A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2748] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01030001
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[3104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01360001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3304] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[3652] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[5092] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

Device \Driver\iaStor \Device\Ide\iaStor0 [F74267A4] IASTOR.SYS[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 [F74267A4] IASTOR.SYS[unknown section] {MOV EAX, [0xffdf0308]; JMP [EAX+0xfc]}
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\IASTOR.SYS suspicious modification

---- EOF - GMER 1.0.15 ----

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 925
 
Posted 10-24-2009 11:28 (GMT +1)
The Gmer scan shows what "might" be an actual Master Boot Record (MBR) infector, but it may also be system files altered in some way. Let's go right to a type of scan that has been known to address both.


Download Dr.Web CureIt! from here to your Desktop.

When you have done this, boot into safe mode (restart your computer and tap F8 continuously as it restarts).

Double-click the drweb-cureit.exe file. Click on Start and Ok and allow it to run the express scan. This is a short scan and will scan all files currently running in memory. If something is found, click the Yes button when it asks you if you want to cure it.

Once the short scan has finished, click on Custom Scan and choose the drives that you want to scan. Click on the drive to select it. A red dot shows which drives have been chosen (if only one drive you will not be shown these options). Click the green arrow > to the right and the scan will begin. At the first sign of infection, Select 'Yes to all' if it asks if you want to cure/move the file.

When the scan has finished, click the "Select all" button and then click on the Move button. This will move any infected files to the %userprofile%\DoctorWeb\quarantine folder.

Next, and this is important, from the main Dr.Web CureIt menu (top left), click File and choose save report list and save the report to your desktop. The report will be called DrWeb.csv and it can be opened in Notepad.

Close CureIt and restart your computer to completely remove any stubborn files. You may get a message saying "No operations performed with some objects in list. Exit program". If so, click "Yes". (You may get a popup offering you a discount if you purchase DrWeb AntiVirus. You may or may not wish to take advantage of this offer later but for now, just close the popup and wait for the scan to finish.)

Please post the log in this thread.


Also run a new Gmer scan at that time and post that log too please.

FYI - the time of a Gmer scan truly varies. It can be fairly quick, or take quite a while to complete.



mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-25-2009 1:48 (GMT +1)
I can't seem to start it in safe mode. I've done it before in the past but this time it just says it can't do it. Should I still follow the steps?

Jintan
Senior Member




Date Joined Dec 2006
Total Posts : 925
 
Posted 10-25-2009 2:40 (GMT +1)
Yes, for now do the steps in normal mode. The hope is that Dr. Web will recognize and "heal" the altered file(s).



mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-27-2009 2:39 (GMT +1)
Here's the DrWeb log file:

Process in memory: C:\WINDOWS\Explorer.EXE:228;;BackDoor.Tdss.565;Eradicated.;
yrmg.tmp;C:\WINDOWS\temp;Trojan.Packed.682;Deleted.;
UIUC_VirusScan_80i.exe\avtemp/setup.exe;C:\My Backup -- 07-02-20 1153PM\Temp\VirusScan\UIUC_VirusScan_80i.exe;Trojan.Bomgen;;
UIUC_VirusScan_80i.exe;C:\My Backup -- 07-02-20 1153PM\Temp\VirusScan;Archive contains infected objects;Moved.;
TFWAH.dll;C:\Program Files\Spyware Doctor\TFEngine;Probably DLOADER.Trojan;Moved.;
A0062625.old;C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP173;Probably DLOADER.Trojan;Moved.;
A0062911.exe\avtemp/setup.exe;C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP175\A0062911.exe;Trojan.Bomgen;;
A0062911.exe;C:\System Volume Information\_restore{736B8453-93FE-477D-9F4C-E9DBA07C5B6E}\RP175;Archive contains infected objects;Moved.;

mgao29
New Member


Date Joined Oct 2009
Total Posts : 12
 
Posted 10-27-2009 8:03 (GMT +1)
Right after I did the Dr. Web cure it, I did a virus scan using a university's virus scan CD, and then did a Gmer scan. Hopefully, that didn't cause too much of a change. Then, I did a Google search, but the same problem persists.
However, I did search my problem and found that people with the same problem used ComboFix to solve it. Should I try that?

Anyway, here's the scan:

GMER 1.0.15.15163 - http://www.gmer.net
Rootkit scan 2009-10-27 01:59:51
Windows 5.1.2600 Service Pack 3
Running: 5wgbty6q.exe; Driver: C:\DOCUME~1\Maria_2\LOCALS~1\Temp\pxtdqpow.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF72A7E22]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7288CDC]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7288ECE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF72A8610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF72A88C4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF72A6B14]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF72A8D30]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF72A80E2]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7288982]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x9D568271]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x9D56822F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x9D568287]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x9D56825B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP 9D56825F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2004 7 Bytes JMP 9D568275 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E12 5 Bytes JMP 9D56828B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E8 7 Bytes JMP 9D568233 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe[380] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01600001
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008A0001
.text C:\Program Files\iPod\bin\iPodService.exe[400] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[400] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[400] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[400] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\iPod\bin\iPodService.exe[400] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe[440] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02170001
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[592] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01170001
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0103000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01030F94
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01030FAF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01030FC0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01030FD1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01030058
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01030F4B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01030F68
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01030F01
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 01030F26
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 01030EF0
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 01030073
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01030025
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 01030F83
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01030047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01030036
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 010300A4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01020FC7
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01020058
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01020022
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01020011
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01020047
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01020000
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01020FA5
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [22, 89]
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01020FB6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01010F8B
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!system 77C293C7 5 Bytes JMP 01010016
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01010FC1
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01010FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01010FA6
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01010FDE
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] WS2_32.dll!socket 71AB4211 5 Bytes JMP 01000FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00FF0FEF
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00FF000A
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00FF0FD4
.text C:\Program Files\McAfee\Common Framework\naPrdMgr.exe[600] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00FF0FC3
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe[620] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007A0001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[712] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[788] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00AD006C
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00AD0F77
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00AD0F94
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BC0001
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00AD0051
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00AD0036
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00AD0F55
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00AD009D
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00AD0F15
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00AD0F3A
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00AD0EFA
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00AD0FAF
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00AD0FDB
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00AD0F66
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00AD001B
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00AD0FCA
.text C:\WINDOWS\system32\svchost.exe[788] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00AD00B8
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00AC0047
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00AC0062
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00AC002C
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00AC0011
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00AC0F9B
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00AC0000
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00AC0FC0
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [CC, 88]
.text C:\WINDOWS\system32\svchost.exe[788] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00AC0FD1
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AB0F7F
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AB0F9A
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AB0FC6
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AB0FE3
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AB0FAB
.text C:\WINDOWS\system32\svchost.exe[788] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AB0000
.text C:\WINDOWS\system32\svchost.exe[788] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AA0FEF
.text C:\WINDOWS\system32\svchost.exe[788] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AA0FDE
.text C:\WINDOWS\system32\svchost.exe[788] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AA0014
.text C:\WINDOWS\system32\svchost.exe[788] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AA0025
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[936] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[936] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 015B0001
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[960] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017C0001
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1008] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 01120FEF
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01120062
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01120051
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01120040
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013D0001
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0112002F
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01120F97
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0112009F
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 0112008E
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01120F21
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011200BA
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011200D5
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 0112001E
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 01120FDE
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 0112007D
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 01120FBC
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 01120FCD
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec 7C86250D 3 Bytes JMP 01120F3C
.text C:\WINDOWS\system32\services.exe[1008] kernel32.dll!WinExec + 4 7C862511 1 Byte [84]
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01110FCD
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01110079
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01110FDE
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01110014
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01110054
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01110FEF
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01110FB2
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [31, 89]
.text C:\WINDOWS\system32\services.exe[1008] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 01110043
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 01100F86
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!system 77C293C7 5 Bytes JMP 01100FA1
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 01100FCD
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_open 77C2F566 5 Bytes JMP 01100FEF
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 01100FB2
.text C:\WINDOWS\system32\services.exe[1008] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 01100FDE
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 010E0000
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 010E001B
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\services.exe[1008] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 010E0040
.text C:\WINDOWS\system32\services.exe[1008] WS2_32.dll!socket 71AB4211 5 Bytes JMP 010F0FE5
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1020] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 011A000A
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 011A0F92
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 011A0087
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 011A0FA3
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 011A0062
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 011A0040
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 011A00C9
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 011A00AE
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 011A00F5
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 011A0F5C
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 011A0110
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 011A0051
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 011A0025
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 011A0F77
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 011A0FD4
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 011A0FEF
.text C:\WINDOWS\system32\lsass.exe[1020] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 011A00DA
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 01190FB9
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 01190F79
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 01190FCA
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 01190000
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 01190036
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 01190FE5
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 01190F94
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [39, 89]
.text C:\WINDOWS\system32\lsass.exe[1020] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 0119001B
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00FF0FB7
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!system 77C293C7 5 Bytes JMP 00FF0FD2
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00FF0FE3
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00FF0000
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00FF0038
.text C:\WINDOWS\system32\lsass.exe[1020] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00FF001D
.text C:\WINDOWS\system32\lsass.exe[1020] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E60FEF
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E5000A
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E50025
.text C:\WINDOWS\system32\lsass.exe[1020] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E50FCA
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00E7000A
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00E70087
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00E70F88
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00E70F99
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B10001
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00E70062
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00E70051
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00E70F50
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00E70098
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00E700C4
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00E70F2B
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00E700DF
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00E70FC0
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00E70FEF
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00E70F6D
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00E70036
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00E70025
.text C:\WINDOWS\system32\svchost.exe[1180] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00E700A9
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00E60022
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00E6007A
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00E60FD1
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00E60011
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00E60069
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00E60000
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00E6004E
.text C:\WINDOWS\system32\svchost.exe[1180] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00E6003D
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00E50FB2
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!system 77C293C7 5 Bytes JMP 00E5003D
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00E50018
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00E50FEF
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00E50FCD
.text C:\WINDOWS\system32\svchost.exe[1180] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00E50FDE
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00E30000
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00E30025
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00E30FEF
.text C:\WINDOWS\system32\svchost.exe[1180] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00E30040
.text C:\WINDOWS\system32\svchost.exe[1180] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E40FEF
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00F60000
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00F60F92
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00F6007D
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00F6006C
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00F6005B
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00F60040
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00F600A9
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00F60F61
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00F600E9
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00F600CE
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00F60F35
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00F60FB9
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00F6001B
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00F60098
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00F60FD4
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00F60FE5
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00F60F50
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00F5001B
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00F50F8D
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00F50FD4
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00F5000A
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00F50F9E
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00F50FEF
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00F50040
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00F50FB9
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00F40062
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!system 77C293C7 5 Bytes JMP 00F40051
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00F4001B
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00F40FEF
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00F40036
.text C:\WINDOWS\system32\svchost.exe[1300] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00F40000
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00F20000
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00F20FE5
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00F20FD4
.text C:\WINDOWS\system32\svchost.exe[1300] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00F20FC3
.text C:\WINDOWS\system32\svchost.exe[1300] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00F30FE5
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1364] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 02E60FE5
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 02E60F1F
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 02E60F3A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 02E60F55
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02BB0001
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 02E60F72
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 02E60F97
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 02E6005B
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 02E6004A
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 02E60ED3
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 02E60076
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 02E60EB8
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 02E6001E
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 02E60FCA
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 02E60039
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 02E60FA8
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 02E60FB9
.text C:\WINDOWS\System32\svchost.exe[1364] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 02E60EF8
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 02B9000A
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 02B9002C
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 02B90FB9
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 02B90FD4
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 02B9001B
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 02B90FEF
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 02B90F79
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D9, 8A]
.text C:\WINDOWS\System32\svchost.exe[1364] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 02B90F94
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 02B8004E
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!system 77C293C7 5 Bytes JMP 02B80033
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 02B80011
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_open 77C2F566 5 Bytes JMP 02B80FE3
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 02B80022
.text C:\WINDOWS\System32\svchost.exe[1364] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 02B80000
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 0298000A
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 02980FEF
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 02980FDE
.text C:\WINDOWS\System32\svchost.exe[1364] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 02980FC3
.text C:\WINDOWS\System32\svchost.exe[1364] WS2_32.dll!socket 71AB4211 5 Bytes JMP 02B70000
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\EvtEng.exe[1432] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 06920001
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPLpr.exe[1448] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe[1476] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03CE0001
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe[1584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01690001
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BE0001
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Maria_2\Desktop\5wgbty6q.exe[1692] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1712] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00B10FEF
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00B1008E
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00B10073
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00B10FA5
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D30001
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00B10062
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00B1002C
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00B100D5
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00B100BA
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00B10F61
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00B10F72
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00B10115
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00B10051
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00B10FD4
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00B100A9
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00B1001B
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00B10000
.text C:\WINDOWS\system32\svchost.exe[1712] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00B100F0
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00B0002C
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00B00F94
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00B00011
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00B00FE5
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00B00FA5
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00B00000
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00B00FB6
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [D0, 88]
.text C:\WINDOWS\system32\svchost.exe[1712] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00B0003D
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00AF005A
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!system 77C293C7 5 Bytes JMP 00AF0049
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00AF0FE3
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00AF0000
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00AF0038
.text C:\WINDOWS\system32\svchost.exe[1712] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00AF001D
.text C:\WINDOWS\system32\svchost.exe[1712] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00AD0000
.text C:\WINDOWS\system32\svchost.exe[1712] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00AD0025
.text C:\WINDOWS\system32\svchost.exe[1712] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00AD0FEF
.text C:\WINDOWS\system32\svchost.exe[1712] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00AD0FDE
.text C:\WINDOWS\system32\svchost.exe[1712] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00AE0000
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1752] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00D90095
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00D90084
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00D90073
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00D90FB6
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00D90047
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00D900C6
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00D90F74
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00D90F37
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00D90F52
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00D900E1
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00D90058
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00D90FE5
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00D90F85
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00D9002C
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00D9001B
.text C:\WINDOWS\system32\svchost.exe[1752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00D90F63
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00D8002C
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00D8007D
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00D80FDB
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00D80011
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00D80FC0
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00D80000
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyW 77DFBA55 5 Bytes JMP 00D80062
.text C:\WINDOWS\system32\svchost.exe[1752] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00D80047
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D70038
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D70FAD
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D70FE3
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D7000C
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D70FC8
.text C:\WINDOWS\system32\svchost.exe[1752] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D7001D
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00D10FE5
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00D10FD4
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00D10FB9
.text C:\WINDOWS\system32\svchost.exe[1752] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00D10FA8
.text C:\WINDOWS\system32\svchost.exe[1752] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D60FEF
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1792] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01580001
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1996] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DB0000
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DB0F57
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DB0F68
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DB0040
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DB0F83
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DB001B
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DB0F2B
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DB0067
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DB00A9
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DB0F10
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00DB0EF5
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00DB0F94
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00DB0FE5
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreatePipe 7C81D83F 5 Bytes JMP 00DB0F3C
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeW 7C82F0DD 5 Bytes JMP 00DB0FAF
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!CreateNamedPipeA 7C860CDC 5 Bytes JMP 00DB0FCA
.text C:\WINDOWS\system32\svchost.exe[1996] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00DB008E
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExW 77DD6AAF 5 Bytes JMP 00DA0FAF
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExW 77DD776C 5 Bytes JMP 00DA0F5E
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyExA 77DD7852 5 Bytes JMP 00DA0FCA
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyW 77DD7946 5 Bytes JMP 00DA0000
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyExA 77DDE9F4 5 Bytes JMP 00DA0F79
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegOpenKeyA 77DDEFC8 5 Bytes JMP 00DA0FEF
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW 77DFBA55 2 Bytes JMP 00DA0F94
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA58 2 Bytes [FA, 88]
.text C:\WINDOWS\system32\svchost.exe[1996] ADVAPI32.dll!RegCreateKeyA 77DFBCF3 5 Bytes JMP 00DA001B
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wsystem 77C2931E 5 Bytes JMP 00D90069
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!system 77C293C7 5 Bytes JMP 00D90058
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_creat 77C2D40F 5 Bytes JMP 00D90022
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_open 77C2F566 5 Bytes JMP 00D90000
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wcreat 77C2FC9B 5 Bytes JMP 00D9003D
.text C:\WINDOWS\system32\svchost.exe[1996] msvcrt.dll!_wopen 77C30055 5 Bytes JMP 00D90011
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenA 3D95D690 5 Bytes JMP 00C50000
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenW 3D95DB09 5 Bytes JMP 00C50FE5
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlA 3D95F3A4 5 Bytes JMP 00C5001B
.text C:\WINDOWS\system32\svchost.exe[1996] WININET.dll!InternetOpenUrlW 3D9A6DDF 5 Bytes JMP 00C50036
.text C:\WINDOWS\system32\svchost.exe[1996] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00D80000
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[2028] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01000001
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [23, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [0B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [11, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [20, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [26, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [1A, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [1D, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [29, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2044] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[2064] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[2188] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe[2248] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003E0001
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe[2464] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE[2492] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\WINDOWS\system32\igfxpers.exe[2500] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\igfxpers.exe[2500] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\igfxpers.exe[2500] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\igfxpers.exe[2500] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\igfxpers.exe[2500] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe[2520] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C50001
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe[2528] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [30, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [18, 5F]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\WINDOWS\system32\hkcmd.exe[2532] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [1E, 5F] {PUSH DS; POP EDI}
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [21, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [2D, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [1B, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [33, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [27, 5F] {DAA ; POP EDI}
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [2A, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [36, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [0B, 5F]
.text C:\Program Files\McAfee\Common Framework\McTray.exe[3300] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [39, 5F]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [24, 5F] {AND AL, 0x5f}
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\SYSTEM32\WISPTIS.EXE[3812] ntdll.dll!NtCreateSection 7C90D17E