GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-07 16:07:08
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ram\LOCALS~1\Temp\ugldqpog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwAssignProcessToJobObject [0xF4D57610]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF83B7514]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF83A6282]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF83A6474]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDebugActiveProcess [0xF4D57C10]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF83B7D00]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF83B7FB8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwDuplicateObject [0xF4D57730]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF83B63FA]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenProcess [0xF4D574B0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwOpenThread [0xF4D57570]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwProtectVirtualMemory [0xF4D576D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF83B8422]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetContextThread [0xF4D57690]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetInformationThread [0xF4D57650]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSetSecurityObject [0xF4D577D0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF83B77D8]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendProcess [0xF4D57510]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwSuspendThread [0xF4D57590]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xF4C30320]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwTerminateThread [0xF4D575D0]
SSDT \SystemRoot\system32\DRIVERS\ehdrv.sys (ESET Helper driver/ESET) ZwWriteVirtualMemory [0xF4D57750]
---- Kernel code sections - GMER 1.0.15 ----
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\PixArt\PAC7302\Monitor.exe[224] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03910001
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\RegDefense\RDFNSListener.exe[248] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 043A0001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044AB89 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\pctsTray.exe[260] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[316] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
.text C:\WINDOWS\system32\ctfmon.exe[316] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\ctfmon.exe[316] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01510001
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Warkeys\AutoWarkey\AutoHotkey\AutoHotkey.exe[320] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Skype\Phone\Skype.exe[328] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Skype\Phone\Skype.exe[328] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02C50001
.text C:\Program Files\Skype\Phone\Skype.exe[328] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Skype\Phone\Skype.exe[328] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 05C30001
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[356] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F50001
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\MagicDisc\MagicDisc.exe[416] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[684] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\csrss.exe[684] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014C0001
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\csrss.exe[684] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[712] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\winlogon.exe[712] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014E0001
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\winlogon.exe[712] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[756] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\services.exe[756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FC0001
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\services.exe[756] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[768] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\lsass.exe[768] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F60001
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\lsass.exe[768] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\locator.exe[816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\locator.exe[816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009C0001
.text C:\WINDOWS\system32\locator.exe[816] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\locator.exe[816] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[948] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[948] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[948] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1048] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1048] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1048] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1104] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 4 Bytes [C2, 04, 00, 00]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04CE0001
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1208] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AA0001
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1208] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1284] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1284] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009B0001
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1284] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1404] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1404] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01520001
.text C:\WINDOWS\system32\spoolsv.exe[1404] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\spoolsv.exe[1404] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1568] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1624] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[1624] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014F0001
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\Explorer.EXE[1624] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1788] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044AD11 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1940] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\svchost.exe[1940] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00990001
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\svchost.exe[1940] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008F0001
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Tiny DHCP Server\dhcpsrv.exe[1964] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01010001
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[3064] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wscntfy.exe[3232] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\WINDOWS\system32\wscntfy.exe[3232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\system32\wscntfy.exe[3232] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\WINDOWS\system32\wscntfy.exe[3232] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtClose 7C90CFD0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtClose + 4 7C90CFD4 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile 7C90D090 1 Byte [FF]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile 7C90D090 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateFile + 4 7C90D094 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateKey 7C90D0D0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateKey + 4 7C90D0D4 2 Bytes [05, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateSection 7C90D160 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtCreateSection + 4 7C90D164 2 Bytes [23, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteKey 7C90D230 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteKey + 4 7C90D234 2 Bytes [0B, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteValueKey 7C90D250 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtDeleteValueKey + 4 7C90D254 2 Bytes [11, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtRenameKey 7C90DA40 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtRenameKey + 4 7C90DA44 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetInformationFile 7C90DC40 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetInformationFile + 4 7C90DC44 2 Bytes [20, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetValueKey 7C90DDB0 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtSetValueKey + 4 7C90DDB4 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtTerminateProcess 7C90DE50 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtTerminateProcess + 4 7C90DE54 2 Bytes [26, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFile 7C90DF60 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFile + 4 7C90DF64 2 Bytes [1A, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFileGather 7C90DF70 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteFileGather + 4 7C90DF74 2 Bytes [1D, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteVirtualMemory 7C90DF90 3 Bytes [FF, 25, 1E]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DF94 2 Bytes [29, 5F]
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] kernel32.dll!FreeLibrary + 15 7C80AC83 4 Bytes CALL 7170003D
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5F320F5A
.text C:\DOCUME~1\ram\LOCALS~1\Temp\Temporary Directory 4 for gmer.zip\gmer.exe[3880] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F2E0F5A
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Ip drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Tcp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\Udp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp drwebaf.sys (Dr.Web Application Filter Driver/Doctor Web)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (ESET Personal Firewall TDI filter/ESET)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
---- EOF - GMER 1.0.15 ----