Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Limited or no connectivity. Unable to contact your DHCP server

Started by kenneth23 , May 06 2010 06:09 AM

  • This topic is locked This topic is locked

#1
kenneth23
Posted 06 May 2010 - 06:09 AM

kenneth23

    Member

  • Member
  • PipPip
  • 14 posts
Here's the GMER log:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 16:07:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ram\LOCALS~1\Temp\ugldqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF4D57610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF83B7514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF83A6282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF83A6474]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF4D57C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF83B7D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF83B7FB8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF4D57730]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF83B63FA]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF4D574B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF4D57570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF4D576D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF83B8422]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF4D57690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF4D57650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF4D577D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF83B77D8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF4D57510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF4D57590]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4C30320]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF4D575D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF4D57750]

---- Kernel code sections - GMER 1.0.15 ----

? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03910001
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 043A0001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\ctfmon.exe[316] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ctfmon.exe[316] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01510001
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02C50001
.text C:\Program Files\Skype\Phone\Skype.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Skype\Phone\Skype.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05C30001
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014C0001
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\locator.exe[816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\system32\locator.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\locator.exe[816] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1104] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04CE0001
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01520001
.text C:\WINDOWS\system32\spoolsv.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014F0001
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1788] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\wscntfy.exe[3232] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Tcp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP