GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-12-27 18:41:09
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0xA965757B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateKey [0xA96574FB]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0xA96575A5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteKey [0xA965750F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xA965753B]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xA96575CF]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenKey [0xA96574E7]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0xA965758F]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRenameKey [0xA9657525]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetValueKey [0xA9657551]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0xA9657567]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xA96575E5]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0xA96575B9]
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

---- Kernel code sections - GMER 1.0.14 ----

.text ntkrnlpa.exe!ZwYieldExecution 80504AE8 7 Bytes JMP A96575BD \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtCreateFile 80579084 5 Bytes JMP A965757F \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B2006 7 Bytes JMP A96575D3 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B2E14 5 Bytes JMP A96575E9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B83E6 7 Bytes JMP A9657593 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805D11F8 5 Bytes JMP A96575A9 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805D29AA 5 Bytes JMP A965756B \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetValueKey 80621D18 7 Bytes JMP A9657555 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwRenameKey 806231B4 7 Bytes JMP A9657529 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateKey 80623792 5 Bytes JMP A96574FF \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteKey 80623C22 7 Bytes JMP A9657513 \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwDeleteValueKey 80623DF2 1 Byte [ E9 ]
PAGE ntkrnlpa.exe!ZwDeleteValueKey + 2 80623DF4 5 Bytes [ 37, 03, 29, 90, 90 ]
PAGE ntkrnlpa.exe!ZwOpenKey 80624B64 5 Bytes JMP A96574EB \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.)
? gpubyd.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 010F0000
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 010F0F55
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 010F0F66
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 010F0F81
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 010F0040
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 010F0FAF
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 010F0F29
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 010F0065
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010F0EE2
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010F0EF3
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010F00A0
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 010F0F9E
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 010F0FE5
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 010F0F3A
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 010F001B
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 010F0FCA
.text C:\WINDOWS\system32\services.exe[772] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 010F0F0E
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 010E001B
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 010E0F94
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 010E000A
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 010E0FD4
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 010E0FA5
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 010E0FEF
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 010E0047
.text C:\WINDOWS\system32\services.exe[772] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 010E0036
.text C:\WINDOWS\system32\services.exe[772] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00FE0000
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00DD0FEF
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00DD0F66
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00DD005B
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00DD0F83
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00DD0F9E
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00DD002F
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00DD0F24
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00DD0F35
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00DD0EFF
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00DD00A2
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00DD0EEE
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00DD0040
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00DD0FDE
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00DD006C
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00DD0014
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00DD0FCD
.text C:\WINDOWS\system32\lsass.exe[796] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00DD0087
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00DC0FC0
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00DC005B
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00DC001B
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00DC0FE5
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00DC0040
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00DC0000
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00DC0F9E
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ FC, 88 ]
.text C:\WINDOWS\system32\lsass.exe[796] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00DC0FAF
.text C:\WINDOWS\system32\lsass.exe[796] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00C00000
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00C00058
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00C00047
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00C00036
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00C00F79
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00C00FA5
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00C00073
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00C00F21
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00C000C4
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00C0009F
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00C000DF
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00C00F94
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00C00FDB
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00C00F48
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00C00011
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00C00FC0
.text C:\WINDOWS\system32\svchost.exe[984] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00C00084
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00BF0FB9
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00BF0065
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00BF0FCA
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00BF0FE5
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00BF004A
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00BF0000
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 00BF0FA8
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ DF, 88 ]
.text C:\WINDOWS\system32\svchost.exe[984] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00BF002F
.text C:\WINDOWS\system32\svchost.exe[984] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00BB0FE5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00EC0FE5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00EC0F57
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00EC0F68
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00EC0F79
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00EC0F8A
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00EC0FA5
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00EC0F15
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00EC0F26
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00EC0EE9
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00EC0EFA
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00EC0ED8
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00EC002C
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00EC0000
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00EC005D
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00EC0FB6
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00EC0011
.text C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00EC0078
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00EB0FCA
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00EB0080
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00EB001B
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00EB0000
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00EB005B
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00EB0FE5
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00EB0040
.text C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00EB0FB9
.text C:\WINDOWS\system32\svchost.exe[1052] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00E9000A
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 025C0000
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 025C0F94
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 025C0FA5
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 025C007F
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 025C0FB6
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 025C0047
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 025C0F52
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 025C0F63
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 025C0F26
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 025C00BF
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 025C0F0B
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 025C0058
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 025C001B
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 025C009A
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 025C002C
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 025C0FE5
.text C:\WINDOWS\System32\svchost.exe[1096] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 025C0F41
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 02AF0040
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 02AF009B
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 02AF0FEF
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 02AF0025
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 02AF0080
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 02AF000A
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 02AF006F
.text C:\WINDOWS\System32\svchost.exe[1096] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 02AF0FDE
.text C:\WINDOWS\System32\svchost.exe[1096] WS2_32.dll!socket 71AB4211 5 Bytes JMP 025E0000
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 02B00FEF
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 02B0000A
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 02B0001B
.text C:\WINDOWS\System32\svchost.exe[1096] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 02B00FCA
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 006C0000
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 006C0F6F
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 006C0F8A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 006C0F9B
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 006C0FB6
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 006C003D
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 006C0F4A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 006C0092
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 006C0F0A
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 006C00A3
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 006C0EEF
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 006C0058
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 006C0011
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 006C0075
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 006C002C
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 006C0FDB
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 006C0F25
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 006B0033
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 006B005F
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 006B0022
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 006B0011
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 006B0FA2
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 006B0000
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 006B0FB3
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyW + 4 77DFBA29 1 Byte [ 88 ]
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 3 Bytes JMP 006B0044
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!RegCreateKeyA + 4 77DFBCC7 1 Byte [ 88 ]
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 009F0000
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 009F0F77
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 009F0F88
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 009F0F99
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 009F0062
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 009F003D
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 009F0F2E
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 009F0F4B
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 009F00AC
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 009F0F13
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 009F00C7
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 009F0FB6
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 009F001B
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 009F0F5C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 009F0FD1
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 009F002C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 009F0091
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 009E0FAF
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 009E0047
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 009E0FD4
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 009E0036
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 009E0FEF
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 009E0F94
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ BE, 88 ]
.text C:\WINDOWS\system32\svchost.exe[1428] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 009E001B
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!socket 71AB4211 5 Bytes JMP 009C0FEF
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00CD000A
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 00CD0F70
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00CD0F81
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00CD0F92
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00CD0FB9
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00CD0036
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 00CD0094
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00CD0F4E
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00CD0F31
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00CD00CA
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 00CD0F0C
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00CD0051
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00CD001B
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00CD0F5F
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00CD0FCA
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00CD0FE5
.text C:\WINDOWS\system32\svchost.exe[1476] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00CD00AF
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 00A70025
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 00A70F79
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 00A70FD4
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 00A70FE5
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 00A70F94
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 00A7000A
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 00A70036
.text C:\WINDOWS\system32\svchost.exe[1476] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 00A70FB9
.text C:\WINDOWS\system32\svchost.exe[1476] WS2_32.dll!socket 71AB4211 5 Bytes JMP 00A50000
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 00A80FEF
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 00A80FD4
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 00A8000A
.text C:\WINDOWS\system32\svchost.exe[1476] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 00A8001B
.text C:\Program Files\Mozilla Firefox\firefox.exe[2176] WS2_32.dll!send 71AB4C27 5 Bytes JMP 0095CEA6 C:\WINDOWS\system32\pfzbxf.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[2176] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00965472 C:\WINDOWS\system32\pfzbxf.dll
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0176000A
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01760093
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01760F9E
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01760FAF
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 0176006C
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01760FCA
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 017600BF
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 017600AE
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 01760F37
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 017600DA
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 017600EB
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 0176005B
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01760FEF
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01760F83
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01760036
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01760025
.text C:\WINDOWS\Explorer.EXE[3124] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01760F5C
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 013E0040
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 013E0FA8
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 013E0FEF
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 013E001B
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 013E0FB9
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 013E0000
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 013E005B
.text C:\WINDOWS\Explorer.EXE[3124] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 013E0FDE
.text C:\WINDOWS\Explorer.EXE[3124] WININET.dll!InternetOpenA 7806C865 5 Bytes JMP 01750000
.text C:\WINDOWS\Explorer.EXE[3124] WININET.dll!InternetOpenW 7806CE99 5 Bytes JMP 01750025
.text C:\WINDOWS\Explorer.EXE[3124] WININET.dll!InternetOpenUrlA 78070BCA 5 Bytes JMP 01750036
.text C:\WINDOWS\Explorer.EXE[3124] WININET.dll!InternetOpenUrlW 780BAEB9 5 Bytes JMP 01750FE5
.text C:\WINDOWS\Explorer.EXE[3124] ws2_32.dll!socket 71AB4211 5 Bytes JMP 01970000
.text C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe[3396] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Windows Live Messenger/Microsoft Corporation)
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 0103000A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 01030F90
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 01030085
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 01030FAB
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 01030FBC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 01030FDE
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 01030F53
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 01030F64
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 010300DB
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 010300CA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 010300EC
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 01030FCD
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 01030025
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 01030F75
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 01030FEF
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 01030040
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 01030F42
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 01020FA5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 0102002C
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 01020FCA
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 01020000
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 01020F79
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 01020FE5
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegCreateKeyW 77DFBA25 2 Bytes JMP 01020F8A
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegCreateKeyW + 3 77DFBA28 2 Bytes [ 22, 89 ]
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 01020011
.text C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe[3532] WS2_32.dll!socket 0D804211 5 Bytes JMP 0D820FE5
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00700FEF
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 0070004A
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 0070002F
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 00700F55
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00700F72
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00700FA8
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!GetStartupInfoW 7C801E54 5 Bytes JMP 0070005B
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!GetStartupInfoA 7C801EF2 5 Bytes JMP 00700F13
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00700EE7
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00700EF8
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!GetProcAddress 7C80AE30 5 Bytes JMP 007000A5
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!LoadLibraryW 7C80AEDB 5 Bytes JMP 00700F83
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateFileW 7C8107F0 5 Bytes JMP 00700FD4
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreatePipe 7C81D827 5 Bytes JMP 00700F30
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateNamedPipeW 7C82F0C5 5 Bytes JMP 00700FC3
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!CreateNamedPipeA 7C860B7C 5 Bytes JMP 00700014
.text C:\WINDOWS\system32\svchost.exe[4032] kernel32.dll!WinExec 7C8623AD 5 Bytes JMP 00700076
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegOpenKeyExW 77DD6A9F 5 Bytes JMP 006F0025
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegCreateKeyExW 77DD775C 5 Bytes JMP 006F005B
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegOpenKeyExA 77DD7842 5 Bytes JMP 006F0FCA
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegOpenKeyW 77DD7936 5 Bytes JMP 006F0FDB
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegCreateKeyExA 77DDE9E4 5 Bytes JMP 006F0F9E
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegOpenKeyA 77DDEFB8 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegCreateKeyW 77DFBA25 5 Bytes JMP 006F0040
.text C:\WINDOWS\system32\svchost.exe[4032] ADVAPI32.dll!RegCreateKeyA 77DFBCC3 5 Bytes JMP 006F0FB9

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB)
IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [10001C60]
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony 
Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony 
Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [10001CA0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [1002B410] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AdjustWindowRect] [1002B480] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [10001CA0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC 
Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!SetWindowLongA] [1002B4A0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [10001CA0] C:\Program Files\Sony Ericsson\Sony Ericsson PC 
Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WININET.dll [USER32.dll!SetWindowLongA] [1002B4A0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ 
C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [10001CA0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [10001CD0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony 
Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [10001C80] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [10001CA0] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\PSAPI.DLL 
[KERNEL32.dll!LoadLibraryA] [10001C60] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) IAT C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe[2168] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [10001050] C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\NewUI.dll (New UI/Sony Ericsson Mobile Communications AB) ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.) Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation) Device A84D0D20 AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions) Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Direct Access Component/Sonic Solutions) ---- EOF - GMER 1.0.14 ----