Geeks to Go
TR/PSW.Agent.pkt



#1 VisualEchos (Member, 33 posts)
Computer has been acting strange lately, Avira found TR/PSW.Agent.pkt, but didn't remove it. I read through the guide and did everything it said, and will post the logs below. MBAM was clean. Logs will be posted below.

Thanks in advance for any help :)

Edited by VisualEchos, 03 June 2010 - 11:06 PM.


#2 VisualEchos (Topic Starter, Member, 33 posts)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-03 23:20:33
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\ULTIMA~1\AppData\Local\Temp\fxldipow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAllocateVirtualMemory [0xA048DB94]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAlpcConnectPort [0xA048D516]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwAssignProcessToJobObject [0xA048D586]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwConnectPort [0xA048D5DA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateFile [0xA048D640]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcess [0xA048D72E]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateProcessEx [0xA048D7BA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThread [0xA048D84A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDebugActiveProcess [0xA048D980]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwDuplicateObject [0xA048D9D4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwLoadDriver [0xA048DA3A]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenKey [0xA048DA8C]
SSDT 9DD4BC68 ZwOpenProcess
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenSection [0xA048DAE4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwOpenThread [0xA048DB3C]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwProtectVirtualMemory [0xA048DBFA]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwRestoreKey [0xA048DC58]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwResumeThread [0xA048DCB6]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSecureConnectPort [0xA048DD74]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSetValueKey [0xA048DD08]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSuspendProcess [0xA048DDDE]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwSystemDebugControl [0xA048DE30]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwTerminateProcess [0xA048DE90]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwWriteVirtualMemory [0xA048DEF4]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateThreadEx [0xA048D8EC]
SSDT \??\C:\Windows\system32\drivers\PCTAppEvent.sys ZwCreateUserProcess [0xA048D6BE]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 131 820BE894 4 Bytes [94, DB, 48, A0] {XCHG ESP, EAX; FISTTP DWORD [EAX-0x60]}
.text ntkrnlpa.exe!KeSetEvent + 13D 820BE8A0 4 Bytes [16, D5, 48, A0]
.text ntkrnlpa.exe!KeSetEvent + 191 820BE8F4 4 Bytes [86, D5, 48, A0]
.text ntkrnlpa.exe!KeSetEvent + 1C1 820BE924 4 Bytes [DA, D5, 48, A0]
.text ntkrnlpa.exe!KeSetEvent + 1D9 820BE93C 4 Bytes [40, D6, 48, A0]
.text ...
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8C609340, 0x413097, 0xE8000020]
? C:\Windows\system32\Drivers\mchInjDrv.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\taskeng.exe[240] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[240] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\taskeng.exe[240] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[240] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\taskeng.exe[240] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\taskeng.exe[240] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[240] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\taskeng.exe[240] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskeng.exe[240] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\taskeng.exe[240] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\taskeng.exe[240] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\taskeng.exe[240] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\wininit.exe[640] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wininit.exe[640] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\wininit.exe[640] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\services.exe[684] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[684] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\services.exe[684] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[684] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\services.exe[684] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[684] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\services.exe[684] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\services.exe[684] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\services.exe[684] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\services.exe[684] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\lsass.exe[700] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsass.exe[700] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\lsass.exe[700] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[708] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\lsm.exe[708] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\lsm.exe[708] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\lsm.exe[708] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\lsm.exe[708] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[852] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[852] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[852] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[852] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[956] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\nvvsvc.exe[956] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\nvvsvc.exe[956] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\nvvsvc.exe[956] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\nvvsvc.exe[956] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\nvvsvc.exe[956] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\nvvsvc.exe[956] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\nvvsvc.exe[956] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\nvvsvc.exe[956] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[984] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!

#3 VisualEchos (Topic Starter, Member, 33 posts)
GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[984] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[984] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[984] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1024] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\System32\svchost.exe[1024] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1024] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\System32\svchost.exe[1024] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1024] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\svchost.exe[1024] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\svchost.exe[1024] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\System32\svchost.exe[1024] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1084] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\svchost.exe[1084] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1084] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\svchost.exe[1084] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1128] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\System32\svchost.exe[1128] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[1128] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\System32\svchost.exe[1128] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\System32\svchost.exe[1128] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtProtectVirtualMemory 770C4D34 5 Bytes JMP 0028000A
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!NtWriteVirtualMemory 770C5674 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[1196] ntdll.dll!KiUserExceptionDispatcher 770C5DC8 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1196] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\svchost.exe[1196] ole32.dll!CoCreateInstance 76459EA6 5 Bytes JMP 0079000A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\svchost.exe[1196] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\svchost.exe[1196] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe[1244] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1284] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1376] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[1376] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1376] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[1376] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\rundll32.exe[1492] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1492] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\rundll32.exe[1492] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1492] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\rundll32.exe[1492] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\rundll32.exe[1492] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\rundll32.exe[1492] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\rundll32.exe[1492] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\rundll32.exe[1492] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\rundll32.exe[1492] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\rundll32.exe[1492] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\rundll32.exe[1492] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1512] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\svchost.exe[1512] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1512] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\svchost.exe[1512] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1512] shell32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[1512] shell32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[1512] shell32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\svchost.exe[1512] shell32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\taskeng.exe[1608] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1608] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\taskeng.exe[1608] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1608] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\taskeng.exe[1608] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\taskeng.exe[1608] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\taskeng.exe[1608] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\taskeng.exe[1608] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\taskeng.exe[1608] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\taskeng.exe[1608] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\taskeng.exe[1608] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\taskeng.exe[1608] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[1644] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1644] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\svchost.exe[1644] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1644] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\svchost.exe[1644] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[1644] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\svchost.exe[1644] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[1644] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[1644] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[1644] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\svchost.exe[1644] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe[1664] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A

#4
VisualEchos (Topic Starter)

.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\IntelDH\CCU\AlertService.exe[1828] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1948] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\spoolsv.exe[1948] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\spoolsv.exe[1948] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\spoolsv.exe[1948] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\spoolsv.exe[1948] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2004] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\svchost.exe[2004] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2004] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\svchost.exe[2004] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[2004] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[2004] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[2004] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\svchost.exe[2004] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Bonjour\mDNSResponder.exe[2012] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe[2108] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FWService.exe[2196] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2268] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[2268] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2268] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[2268] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe[2296] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2528] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\Dwm.exe[2528] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\Dwm.exe[2528] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\Dwm.exe[2528] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\Dwm.exe[2528] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\Explorer.EXE[2560] ntdll.dll!NtProtectVirtualMemory 770C4D34 5 Bytes JMP 007D000A
.text C:\Windows\Explorer.EXE[2560] ntdll.dll!NtWriteVirtualMemory 770C5674 5 Bytes JMP 007E000A
.text C:\Windows\Explorer.EXE[2560] ntdll.dll!KiUserExceptionDispatcher 770C5DC8 5 Bytes JMP 007C000A
.text C:\Windows\Explorer.EXE[2560] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\Explorer.EXE[2560] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\Explorer.EXE[2560] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\Explorer.EXE[2560] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\Explorer.EXE[2560] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\Explorer.EXE[2560] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\Explorer.EXE[2560] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]

#5
VisualEchos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe[2636] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[2644] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\QuickTime\QTTask.exe[2644] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[2644] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\QuickTime\QTTask.exe[2644] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2652] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\rundll32.exe[2668] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2668] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\System32\rundll32.exe[2668] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2668] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\System32\rundll32.exe[2668] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\System32\rundll32.exe[2668] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\rundll32.exe[2668] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\rundll32.exe[2668] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\System32\rundll32.exe[2668] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\rundll32.exe[2668] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\rundll32.exe[2668] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\System32\rundll32.exe[2668] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\ehome\ehtray.exe[2716] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2716] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\ehome\ehtray.exe[2716] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2716] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\ehome\ehtray.exe[2716] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\ehome\ehtray.exe[2716] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehtray.exe[2716] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\ehome\ehtray.exe[2716] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\ehome\ehtray.exe[2716] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\ehome\ehtray.exe[2716] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\ehome\ehtray.exe[2716] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\ehome\ehtray.exe[2716] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\svchost.exe[2824] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2824] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Windows\system32\svchost.exe[2824] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2824] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Windows\system32\svchost.exe[2824] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\svchost.exe[2824] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\svchost.exe[2824] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\system32\svchost.exe[2824] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\svchost.exe[2824] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\svchost.exe[2824] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\svchost.exe[2824] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\system32\svchost.exe[2824] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe[2992] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\ehome\ehmsas.exe[3044] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3044] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[3044] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3044] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\ehome\ehmsas.exe[3044] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\ehome\ehmsas.exe[3044] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\ehome\ehmsas.exe[3044] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\System32\svchost.exe[3152] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3152] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\System32\svchost.exe[3152] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3152] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\System32\svchost.exe[3152] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\System32\svchost.exe[3152] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\System32\svchost.exe[3152] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\System32\svchost.exe[3152] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe[3300] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe[3404] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[3700] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[3700] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[3700] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\WUDFHost.exe[3700] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\WUDFHost.exe[3700] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\WUDFHost.exe[3700] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
  • 0
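The hook lines in this log all follow one shape, and almost every JMP in them lands in the same 5Fxx0F5A address band, which is what one hooking library injected into every process looks like; the three explorer.exe hooks on NtProtectVirtualMemory, NtWriteVirtualMemory and KiUserExceptionDispatcher instead land at 0082000A-0084000A, a different region entirely. The script below is an added example, not part of the original post and not GMER's code: it parses the `.text ... JMP <target>` lines, buckets the JMP targets into 16 MB regions (the bucket size is an assumption chosen to keep one DLL's code in one bucket), and lists the hooks that do not land in the dominant region. The sample input is a handful of lines copied from the log above plus one of the "+ 4" byte-list lines, which carries no JMP target and is skipped on purpose. Being an outlier is a reason to check which module, if any, owns that memory; the script does not identify the hooking product and makes no verdict about malice.

```python
"""Cluster the user-mode inline hooks in a GMER log by JMP destination.

Added example; not part of the original post and not GMER's own code.
GMER prints one line per patched export in the form
    .text <image>[<pid>] <module>!<export> <addr> <n> Bytes JMP <target>
When one hooking DLL is injected into every process, all of its JMPs land
in one address region; a hook that lands somewhere else stands out.
"""
import re
from collections import Counter, defaultdict

HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<export>\S+)\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]{8})\s*$"
)

# Sample input: lines copied from the log in this thread (wmiprvse.exe and
# explorer.exe), plus one "+ 4" byte-list line that GMER emits for the tail
# of an FF 25 (jmp [abs]) patch; it has no JMP target and is skipped.
SAMPLE_LOG = """\
.text C:\\Windows\\system32\\wbem\\wmiprvse.exe[4668] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\\Windows\\system32\\wbem\\wmiprvse.exe[4668] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\\Windows\\system32\\wbem\\wmiprvse.exe[4668] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\\Windows\\system32\\wbem\\wmiprvse.exe[4668] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\\Windows\\explorer.exe[4840] ntdll.dll!NtProtectVirtualMemory 770C4D34 5 Bytes JMP 0083000A
.text C:\\Windows\\explorer.exe[4840] ntdll.dll!NtWriteVirtualMemory 770C5674 5 Bytes JMP 0084000A
.text C:\\Windows\\explorer.exe[4840] ntdll.dll!KiUserExceptionDispatcher 770C5DC8 5 Bytes JMP 0082000A
.text C:\\Windows\\explorer.exe[4840] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\\Windows\\explorer.exe[4840] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
"""

# Assumption: 16 MB buckets are coarse enough that every JMP into one
# hooking DLL shares a key, yet fine enough to separate unrelated regions.
REGION_SHIFT = 24


def region(target):
    """Bucket an address so all JMPs into one module share a key."""
    return target >> REGION_SHIFT


def parse_hooks(text):
    """Return one dict per parsable '... JMP <target>' line, in log order."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue  # byte-list lines, section headers, blank lines
        h = m.groupdict()
        h["pid"] = int(h["pid"])
        h["nbytes"] = int(h["nbytes"])
        h["addr"] = int(h["addr"], 16)
        h["target"] = int(h["target"], 16)
        hooks.append(h)
    return hooks


def dominant_region(hooks):
    """Region receiving the most JMPs, or None when there are no hooks."""
    counts = Counter(region(h["target"]) for h in hooks)
    return counts.most_common(1)[0][0] if counts else None


def find_outliers(hooks):
    """Hooks whose JMP does not land in the dominant region."""
    dom = dominant_region(hooks)
    return [h for h in hooks if region(h["target"]) != dom]


def summarize(hooks):
    """Map (image, pid) -> (hooks in dominant region, hooks elsewhere)."""
    dom = dominant_region(hooks)
    tally = defaultdict(lambda: [0, 0])
    for h in hooks:
        slot = 0 if region(h["target"]) == dom else 1
        tally[(h["image"], h["pid"])][slot] += 1
    return {key: tuple(val) for key, val in tally.items()}


if __name__ == "__main__":
    hooks = parse_hooks(SAMPLE_LOG)
    print(f"{len(hooks)} JMP hooks, dominant region 0x{dominant_region(hooks):02X}xxxxxx")
    for (image, pid), (inside, outside) in summarize(hooks).items():
        print(f"{image}[{pid}]: {inside} in cluster, {outside} elsewhere")
    for h in find_outliers(hooks):
        print(f"  review: {h['module']}!{h['export']} -> {h['target']:08X} "
              f"({h['nbytes']} bytes patched at {h['addr']:08X})")
```

Run it against a full GMER log by reading the file into `parse_hooks` instead of `SAMPLE_LOG`; the byte-list lines GMER prints for `FF 25` patches are the second half of the same hooks and are ignored here, so the per-process counts reflect JMP-style patches only.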

#6
VisualEchos

    Member

  • Topic Starter
  • Member
  • 33 posts
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe[3964] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [3B, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F3D0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F400F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F340F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe[4076] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Windows\system32\wbem\wmiprvse.exe[4668] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Windows\explorer.exe[4840] ntdll.dll!NtProtectVirtualMemory 770C4D34 5 Bytes JMP 0083000A
.text C:\Windows\explorer.exe[4840] ntdll.dll!NtWriteVirtualMemory 770C5674 5 Bytes JMP 0084000A
.text C:\Windows\explorer.exe[4840] ntdll.dll!KiUserExceptionDispatcher 770C5DC8 5 Bytes JMP 0082000A
.text C:\Windows\explorer.exe[4840] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Windows\explorer.exe[4840] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F4F0F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F460F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F520F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F430F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F490F5A
.text C:\Windows\explorer.exe[4840] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F370F5A
.text C:\Windows\explorer.exe[4840] SHELL32.dll!ShellExecuteW 76569725 6 Bytes JMP 5F2B0F5A
.text C:\Windows\explorer.exe[4840] SHELL32.dll!ShellExecuteExW 765BC135 6 Bytes JMP 5F310F5A
.text C:\Windows\explorer.exe[4840] SHELL32.dll!ShellExecuteEx 76769FE2 6 Bytes JMP 5F2E0F5A
.text C:\Windows\explorer.exe[4840] SHELL32.dll!ShellExecuteA 7676A07D 6 Bytes JMP 5F280F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ntdll.dll!NtLoadDriver 770C4A64 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ntdll.dll!NtLoadDriver + 4 770C4A68 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ntdll.dll!NtSuspendProcess 770C54B4 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ntdll.dll!NtSuspendProcess + 4 770C54B8 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!TerminateProcess 763218EF 6 Bytes JMP 5F0D0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!CreateProcessW 76321BF3 6 Bytes JMP 5F250F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!CreateProcessA 76321C28 6 Bytes JMP 5F220F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!WriteProcessMemory 76321CB8 6 Bytes JMP 5F100F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!LoadLibraryExW 76349109 6 Bytes JMP 5F070F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!LoadLibraryW 76349362 6 Bytes JMP 5F190F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!LoadLibraryA 763494DC 6 Bytes JMP 5F160F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!TerminateThread 763641F7 6 Bytes JMP 5F310F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!GetProcAddress 7636903B 6 Bytes JMP 5F130F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!CreateRemoteThread 7636C935 3 Bytes [FF, 25, 1E]
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!CreateRemoteThread + 4 7636C939 2 Bytes [05, 5F]
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!DebugActiveProcess 763A9A61 6 Bytes JMP 5F340F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] kernel32.dll!WinExec 763B5CF7 6 Bytes JMP 5F280F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!SetWindowsHookExA 760D6322 6 Bytes JMP 5F1C0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!GetAsyncKeyState 760D863C 6 Bytes JMP 5F3A0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!SetWindowsHookExW 760D87AD 6 Bytes JMP 5F1F0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!SetWinEventHook 760D9F3A 6 Bytes JMP 5F460F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!GetKeyState 760E8CB1 6 Bytes JMP 5F370F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!DdeConnect 76119A1F 6 Bytes JMP 5F3D0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] USER32.dll!EndTask 7611AD32 6 Bytes JMP 5F2B0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ADVAPI32.dll!LsaRemoveAccountRights 7577B569 6 Bytes JMP 5F0A0F5A
.text C:\Users\UltimateLurker\AppData\Local\Temp\Temp2_gmer.zip\gmer.exe[4988] ADVAPI32.dll!CreateServiceA 757972A1 6 Bytes JMP 5F430F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

Device \Driver\ubohci \Device\UBOHCI0 UB1394.SYS (ubCore® 1394 Class Driver (x86 XP/2003/Vista Rel)/Unibrain)

AttachedDevice \Driver\tdx \Device\Tcp pctgntdi.sys

Device \Driver\ubohci \Device\UBOHCI1 UB1394.SYS (ubCore® 1394 Class Driver (x86 XP/2003/Vista Rel)/Unibrain)
Device \Driver\ubohci \Device\C1394 UB1394.SYS (ubCore® 1394 Class Driver (x86 XP/2003/Vista Rel)/Unibrain)

AttachedDevice \Driver\tdx \Device\Udp pctgntdi.sys
AttachedDevice \Driver\tdx \Device\RawIp pctgntdi.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Monitors\Client Side Port\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Monitors\Client Side Port\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@PrinterPath \Users\S-1-5-21-3725710014-262461293-1841910617-1001\Printers\^\^\192.168.1.51^\HP Photosmart Pro B8300 series (Copy 1)
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@ChangeID 42339
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@StatusExt 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Status 384
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Name {937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Share Name
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Print Processor WinPrint
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Datatype RAW
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Parameters
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Action 2
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@ObjectGUID
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@DsKeyUpdate 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@DsKeyUpdateForeground 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Description
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Printer Driver HP Photosmart Pro B8300 series
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Default DevMode 0x7B 0x00 0x39 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Priority 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Default Priority 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@StartTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@UntilTime 60
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Separator File
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Location
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Attributes 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@txTimeout 45000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@dnsTimeout 15000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Security 0x01 0x00 0x0C 0x80 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@CreatorSid 0x01 0x01 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@SpoolDirectory
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}@Port {937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\Client Side Rendering
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\Client Side Rendering@LastTouched 0xD0 0xD3 0x7C 0x13 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\Client Side Rendering@DriverState 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot@HPRestrictedUserGuid 7e25f5f2-f18f-4d7b-66b6-4356aec64561?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot@PresetPoolMaxIndexCount 0x09 0x00 0x00 0x00
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:0 0xA8 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:1 0xFE 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:2 0xE4 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:3 0xBA 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:4 0xA8 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:5 0xBC 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:6 0xC0 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:7 0xB0 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\PresetPoolData@PresetPool:8 0xAA 0x13 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\WatermarkPoolData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\WatermarkPoolData@WatermarkPool:0 0x20 0x00 0x5B 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\WatermarkPoolData@WatermarkPool:1 0x43 0x00 0x6F 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\WatermarkPoolData@WatermarkPool:2 0x44 0x00 0x72 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\HPPresetRoot\WatermarkPoolData@WatermarkPool:3 0x53 0x00 0x41 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@InitDriverVersion 1536
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@Model HP Photosmart Pro B8300 series
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@PrinterDataSize 560
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@PrinterData 0x00 0x06 0x30 0x02 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@FeatureKeywordSize 292
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@FeatureKeyword 0x48 0x50 0x50 0x72 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@Forms? -114138595
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPTrayCount 3
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPTRAYINFOREGDATA 0x41 0x00 0x75 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPMediaCount 27
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPMEDIAINFOREGDATA 0x41 0x00 0x75 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@DMCStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@InstallationComplete 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@PrinterPropertiesPermission 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPConvertAPIVersionOverride 3
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPRegionalPenErrorRecovery 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPSupportRegionalPenQuery 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPDynCtrDigits 5
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPPrintingLanguage 4
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@CombinedMediaStatus 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@TrayFormTable Tray 1?Letter?0?Manual Feed?Letter?0?
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@TrayFormMapSize 30
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@TrayFormMap 0x54 0x72 0x61 0x79 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@TrayFormKeywordSize 38
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@TrayFormKeyword 0x54 0x72 0x61 0x79 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@CustomRange 335534_598932
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@FontCart
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPDUMMY 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@PrintCartrigesPrevValue 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPFormCount 29
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPFORMINFOREGDATA 0xA6 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPCustomMinLength 117094
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPCustomMaxLength 594106
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPCustomMaxWidth 329946
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@HPCustomMinWidth 76200
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@MaxPaperWidth 3299
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@PresetRegUpdated 0
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\192.168.1.51\Printers\{937E5F4B-AC1D-45C3-B02D-5F5B17E54FCB}\PrinterDriverData@InstallDate 05/28/2010:02:04:21
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{952B2839-206E-4029-91B2-020DFE955DB4}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952B2839-206E-4029-91B2-020DFE955DB4}
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952B2839-206E-4029-91B2-020DFE955DB4}@Path \Microsoft\Windows Defender\MP Scheduled Scan
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952B2839-206E-4029-91B2-020DFE955DB4}@Triggers 0x15 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{952B2839-206E-4029-91B2-020DFE955DB4}@DynamicInfo 0x03 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows Defender\MP Scheduled Scan@Id {952B2839-206E-4029-91B2-020DFE955DB4}

---- EOF - GMER 1.0.15 ----

#7
VisualEchos (Topic Starter, Member, 33 posts)
OTL logfile created on: 6/3/2010 11:39:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\UltimateLurker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 127.27 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.63 Gb Free Space | 66.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 931.51 Gb Total Space | 317.46 Gb Free Space | 34.08% Space Free | Partition Type: NTFS

Computer Name: HOME
Current User Name: UltimateLurker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 23:27:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\OTL.exe
PRC - [2010/03/19 13:10:58 | 000,704,512 | ---- | M] (Data Robotics, Inc.) -- C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe
PRC - [2010/02/25 16:11:04 | 000,856,064 | ---- | M] () -- C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe
PRC - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 13:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/02/23 10:49:16 | 002,652,056 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2008/12/11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2008/04/24 16:52:22 | 000,066,880 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
PRC - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
PRC - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
PRC - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe
PRC - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
PRC - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
PRC - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2010/06/03 23:27:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\OTL.exe
MOD - [2009/04/11 01:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/04/24 16:52:34 | 000,247,104 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFWAH.dll
MOD - [2008/01/19 02:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/03/19 13:10:58 | 000,704,512 | ---- | M] (Data Robotics, Inc.) [Auto | Running] -- C:\Program Files\Drobo\Drobo Dashboard\Support\DDService.exe -- (DDService)
SRV - [2010/02/25 16:11:04 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/09/24 20:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/21 14:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 16:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/12/11 16:58:44 | 000,146,800 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2008/09/13 13:37:13 | 000,024,576 | ---- | M] (Atribune.org) [On_Demand | Stopped] -- C:\Windows\System32\VundoFixSVC.exe -- (VundoFixSvc)
SRV - [2008/04/24 16:52:22 | 000,066,880 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/07/22 12:22:10 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/04/10 06:01:42 | 000,081,408 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2007/03/20 16:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2006/11/18 07:01:26 | 000,195,032 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel®
SRV - [2006/11/18 07:00:48 | 000,550,872 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel®
SRV - [2006/11/18 07:00:06 | 000,174,552 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel®
SRV - [2006/11/18 06:59:38 | 000,081,880 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe -- (ISSM) Intel®
SRV - [2006/11/18 06:59:02 | 000,032,216 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv™
SRV - [2006/11/07 13:27:02 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/10/29 09:03:30 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService)
SRV - [2006/09/29 12:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/03/23 23:13:14 | 000,057,344 | ---- | M] (Unibrain) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ubsbp2.sys -- (ubsbp2)
DRV - [2010/02/26 19:39:28 | 000,116,224 | ---- | M] (Unibrain) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ubohci.sys -- (ubohci)
DRV - [2010/02/26 19:38:50 | 000,046,592 | ---- | M] (Unibrain) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBUMAPI.sys -- (ubumapi)
DRV - [2010/02/26 19:38:32 | 000,017,408 | ---- | M] (Unibrain) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\UBSBM.sys -- (ubsbm)
DRV - [2009/12/07 22:22:25 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/09 01:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2009/04/14 03:33:00 | 007,766,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/03/30 10:33:07 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/21 10:38:32 | 000,095,640 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/24 16:52:44 | 000,038,208 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2008/04/24 16:52:42 | 000,033,088 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2008/04/24 16:52:38 | 000,051,520 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2008/01/19 00:53:31 | 000,045,696 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2008/01/19 00:53:31 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2008/01/19 00:53:28 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2008/01/18 23:25:05 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/04/10 13:43:15 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007/04/10 13:43:15 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/04/10 13:43:14 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007/04/10 05:59:50 | 000,005,504 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2007/02/08 00:16:26 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/18 07:01:08 | 000,018,904 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP)
DRV - [2006/11/02 04:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 04:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 04:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 04:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 04:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 04:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 04:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 04:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 04:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 04:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 04:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 04:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 04:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 04:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 04:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 04:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 04:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 04:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 04:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 04:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 04:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 04:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 04:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 04:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 04:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 04:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 04:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 04:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 04:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 04:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 03:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 03:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 03:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 03:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 03:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 03:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 02:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 02:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/02 02:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2006/10/19 15:49:48 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/09/29 14:59:58 | 000,250,368 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2006/09/27 16:37:24 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsgopro.sys -- (nmsgopro)
DRV - [2006/08/17 15:43:52 | 000,007,424 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Program Files\DellSupport\Drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2005/03/04 02:47:42 | 000,031,104 | ---- | M] (Pinnacle Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pinnmb.sys -- (PINNMB)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:1.10.1
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/07 19:39:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/01/23 08:51:15 | 000,000,000 | ---D | M]

[2008/09/13 14:49:48 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\Mozilla\Extensions
[2009/05/25 09:19:20 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\Mozilla\Firefox\Profiles\svhvqpjf.default\extensions
[2009/05/25 09:19:16 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\Mozilla\Firefox\Profiles\svhvqpjf.default\extensions\[email protected]
[2008/09/13 14:49:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/05/05 20:50:20 | 000,000,509 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O2 - BHO: (no name) - {1161AE41-4CAA-4D3E-B97D-0245DA8ABDB3} - No CLSID value found.
O2 - BHO: (no name) - {497fcc62-abe6-4657-9b2d-e15b8051f4ce} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {F8F05662-6967-4F9A-8CDA-36A25BDA15BE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00PCTFW] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe (PC Tools)
O4 - HKCU..\Run: [AdobeBridge] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} http://www.eset.eu/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\UltimateLurker\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\UltimateLurker\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/02 16:20:19 | 000,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2008/09/15 23:22:20 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.at3 - C:\Windows\System32\atrac3.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\DivXa32.acm (Packed With Joy !)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.divx - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.hfyu - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.vp60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.xvid - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 23:27:57 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\OTL.exe
[2010/06/03 18:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/03 18:03:20 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\TFC.exe
[2010/05/28 20:55:49 | 000,000,000 | ---D | C] -- C:\Users\UltimateLurker\AppData\Local\lqacvdlth
[2010/05/27 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2010/05/27 21:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2010/05/10 19:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\Unibrain
[2010/05/05 21:13:58 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010/05/05 21:05:20 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2010/05/05 21:02:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2010/04/23 07:39:55 | 000,000,000 | ---D | C] -- C:\Users\UltimateLurker\AppData\Local\Downloaded Installations
[2010/04/21 17:56:14 | 000,000,000 | ---D | C] -- C:\Users\UltimateLurker\AppData\Local\Drobo
[2010/04/21 17:55:02 | 000,000,000 | ---D | C] -- C:\Program Files\Drobo
[2010/03/24 18:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/03/23 23:23:12 | 001,146,880 | ---- | C] (Unibrain) -- C:\Windows\System32\UB1394.dll
[2010/03/23 23:13:14 | 000,057,344 | ---- | C] (Unibrain) -- C:\Windows\System32\drivers\ubsbp2.sys
[2010/03/21 08:17:59 | 000,000,000 | ---D | C] -- C:\Users\UltimateLurker\AppData\Local\xjjicv
[2010/03/21 08:17:58 | 000,000,000 | ---D | C] -- C:\Users\UltimateLurker\AppData\Local\qggkpb

========== Files - Modified Within 90 Days ==========

[2010/06/03 23:38:45 | 004,194,304 | -HS- | M] () -- C:\Users\UltimateLurker\ntuser.dat
[2010/06/03 23:37:23 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3725710014-262461293-1841910617-1001UA.job
[2010/06/03 23:36:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 23:36:51 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/03 23:36:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/03 23:36:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/03 23:31:28 | 252,943,947 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/03 23:30:40 | 006,291,456 | -H-- | M] () -- C:\Users\UltimateLurker\AppData\Local\IconCache.db
[2010/06/03 23:27:58 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\OTL.exe
[2010/06/03 22:49:58 | 000,284,915 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\gmer.zip
[2010/06/03 18:43:06 | 000,000,735 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\NTREGOPT.lnk
[2010/06/03 18:43:06 | 000,000,716 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\ERUNT.lnk
[2010/06/03 18:34:23 | 000,524,288 | -HS- | M] () -- C:\Users\UltimateLurker\ntuser.dat{ec4f1fc1-776c-11dd-98e4-001676b6c38a}.TMContainer00000000000000000001.regtrans-ms
[2010/06/03 18:34:23 | 000,065,536 | -HS- | M] () -- C:\Users\UltimateLurker\ntuser.dat{ec4f1fc1-776c-11dd-98e4-001676b6c38a}.TM.blf
[2010/06/03 18:33:32 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3725710014-262461293-1841910617-1001Core.job
[2010/06/03 18:03:21 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\UltimateLurker\Desktop\TFC.exe
[2010/06/01 19:54:15 | 000,013,824 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\Upcoming Events.xls
[2010/05/31 16:07:09 | 000,033,792 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\Flow.xls
[2010/05/31 16:06:52 | 000,026,624 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\2010 Check Register.xls
[2010/05/26 07:24:02 | 004,046,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/05/25 22:03:16 | 000,201,584 | ---- | M] () -- C:\Users\UltimateLurker\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/05/25 21:38:21 | 000,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/05/25 21:38:21 | 000,595,446 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/05/25 21:38:21 | 000,101,144 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/05/23 19:55:15 | 000,024,576 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\Things to do.xls
[2010/05/10 18:54:56 | 000,016,384 | ---- | M] () -- C:\Users\UltimateLurker\Desktop\E-Pay.xls
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/04/09 10:15:26 | 000,173,056 | ---- | M] () -- C:\Users\UltimateLurker\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/23 23:23:12 | 001,146,880 | ---- | M] (Unibrain) -- C:\Windows\System32\UB1394.dll
[2010/03/23 23:13:14 | 000,057,344 | ---- | M] (Unibrain) -- C:\Windows\System32\drivers\ubsbp2.sys
[2010/03/17 21:52:22 | 000,013,262 | ---- | M] () -- C:\Windows\System32\Support.xml

========== Files Created - No Company Name ==========

[2010/06/03 22:49:52 | 000,284,915 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\gmer.zip
[2010/06/03 18:43:06 | 000,000,735 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\NTREGOPT.lnk
[2010/06/03 18:43:06 | 000,000,716 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\ERUNT.lnk
[2010/05/20 20:28:41 | 000,033,792 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\Flow.xls
[2010/05/20 20:28:32 | 000,016,384 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\E-Pay.xls
[2010/05/20 19:47:04 | 000,026,624 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\2010 Check Register.xls
[2010/05/01 10:19:32 | 000,013,824 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\Upcoming Events.xls
[2010/04/16 21:49:14 | 000,024,576 | ---- | C] () -- C:\Users\UltimateLurker\Desktop\Things to do.xls
[2010/03/03 22:20:00 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009/09/10 19:27:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008/09/13 11:51:09 | 000,000,233 | ---- | C] () -- C:\Windows\wininit.ini
[2008/04/10 11:52:08 | 000,662,016 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/10 11:52:06 | 003,104,256 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008/04/10 11:52:06 | 000,520,192 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008/04/10 11:52:06 | 000,404,992 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008/04/10 11:52:06 | 000,397,312 | ---- | C] () -- C:\Windows\System32\ff_libfaad2.dll
[2008/04/10 11:52:06 | 000,188,416 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008/04/10 11:52:06 | 000,167,936 | ---- | C] () -- C:\Windows\System32\ff_libdts.dll
[2008/04/10 11:52:06 | 000,143,360 | ---- | C] () -- C:\Windows\System32\ff_libmad.dll
[2008/04/10 11:52:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ff_samplerate.dll
[2008/04/10 11:52:06 | 000,122,880 | ---- | C] () -- C:\Windows\System32\libmpeg2_ff.dll
[2008/04/10 11:52:06 | 000,118,784 | ---- | C] () -- C:\Windows\System32\ff_realaac.dll
[2008/04/10 11:52:06 | 000,102,912 | ---- | C] () -- C:\Windows\System32\ff_tremor.dll
[2008/04/10 11:52:06 | 000,054,784 | ---- | C] () -- C:\Windows\System32\ff_liba52.dll
[2008/04/10 11:52:06 | 000,038,400 | ---- | C] () -- C:\Windows\System32\ff_unrar.dll
[2008/04/10 11:52:06 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008/04/10 11:50:40 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008/03/29 10:42:22 | 000,245,248 | ---- | C] () -- C:\Windows\System32\dxr.dll
[2008/03/29 10:42:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\mmfinfo.dll
[2008/03/29 10:42:14 | 000,102,400 | ---- | C] () -- C:\Windows\System32\avss.dll
[2008/03/29 10:42:08 | 000,148,992 | ---- | C] () -- C:\Windows\System32\mkx.dll
[2008/03/29 10:42:04 | 000,141,312 | ---- | C] () -- C:\Windows\System32\mp4.dll
[2008/03/29 10:42:04 | 000,108,032 | ---- | C] () -- C:\Windows\System32\avi.dll
[2008/03/29 10:42:02 | 000,120,832 | ---- | C] () -- C:\Windows\System32\ogm.dll
[2008/03/29 10:42:00 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ts.dll
[2008/03/29 10:41:54 | 000,097,280 | ---- | C] () -- C:\Windows\System32\avs.dll
[2008/03/29 10:41:52 | 000,079,360 | ---- | C] () -- C:\Windows\System32\mkzlib.dll
[2008/03/29 10:41:52 | 000,023,552 | ---- | C] () -- C:\Windows\System32\mkunicode.dll
[2008/03/25 18:34:35 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/03/21 15:30:08 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/03/21 15:28:54 | 000,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2007/12/31 19:00:00 | 000,741,376 | ---- | C] () -- C:\Windows\System32\audxlib.dll
[2007/12/31 19:00:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\TomsMoComp_ff.dll
[2007/12/31 19:00:00 | 000,204,800 | ---- | C] () -- C:\Windows\System32\ff_kernelDeint.dll
[2007/10/13 04:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\System32\Registration.ini
[2007/06/28 13:54:10 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2007/04/14 21:42:49 | 000,548,864 | ---- | C] () -- C:\Windows\System32\hpgt4850.dll
[2007/04/13 13:45:36 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/07 14:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/16 23:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/16 23:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/06/23 09:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll

========== LOP Check ==========

[2008/08/22 20:15:54 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\GetRightToGo
[2009/06/18 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\Lucis
[2008/09/16 00:24:17 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\PCToolsFirewallPlus
[2007/07/07 19:50:21 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\Snapfish
[2010/04/01 18:40:34 | 000,000,000 | ---D | M] -- C:\Users\UltimateLurker\AppData\Roaming\uTorrent
[2010/06/03 18:33:56 | 000,032,618 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/12/02 16:20:19 | 000,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2006/11/10 08:22:24 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2008/09/15 12:39:02 | 000,017,455 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2007/04/10 13:43:30 | 000,004,367 | RH-- | M] () -- C:\dell.sdr
[2008/12/24 14:04:09 | 000,003,532 | ---- | M] () -- C:\drmHeader.bin
[2008/09/13 14:48:58 | 007,499,056 | ---- | M] (Mozilla) -- C:\Firefox Setup 3.0.1.exe
[2007/10/28 09:18:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/29 09:16:31 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2007/10/28 09:18:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/06/03 23:36:26 | 2459,136,000 | -HS- | M] () -- C:\pagefile.sys
[2008/09/13 13:37:11 | 000,000,365 | ---- | M] () -- C:\VundoFix.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 06:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 06:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 01:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 01:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[2009/04/11 01:28:25 | 000,443,392 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\win32spl.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 05:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 05:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

========== Alternate Data Streams ==========

@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C31F31E6
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:1CA73D29
< End of report >

#8
VisualEchos

OTL Extras logfile created on: 6/3/2010 11:39:03 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\UltimateLurker\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 50.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.78 Gb Total Space | 127.27 Gb Free Space | 57.13% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.63 Gb Free Space | 66.26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive P: | 931.51 Gb Total Space | 317.46 Gb Free Space | 34.08% Space Free | Partition Type: NTFS

Computer Name: HOME
Current User Name: UltimateLurker
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [TVersity] -- "C:\Users\UltimateLurker\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3725710014-262461293-1841910617-1001]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0592466A-F203-4B7F-9645-A19FB4792412}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A764786-620D-465F-9B21-C1E0DDA51EDB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{19009F05-84E3-4A26-B145-136A93C5C720}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{45808834-8DE1-4FF2-86D5-F3F402BB5C49}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{4FBEEC10-EC38-4117-A90D-265B229AAAF1}" = lport=15782 | protocol=17 | dir=in | name=bitcomet 15782 udp |
"{5B7B400D-E00B-42D1-8E46-3DB6DDA6976D}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv™ media server upnp discovery |
"{68554F28-0C00-42A3-B382-7BDB41CCD878}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{83842DA1-6A40-4191-9415-068D62C5801C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{962A84BE-D440-4B3E-B453-161196D649AC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A6304F10-DFAA-45E6-B58A-E651A8DB4C67}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AF1BA196-4D16-4124-8206-BFB12CB326FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D8A5F744-12DE-49E8-A913-75DE56FAED71}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{E5D86F5C-0BA8-40D2-AFF4-3D237F49A990}" = lport=15782 | protocol=6 | dir=in | name=bitcomet 15782 tcp |
"{EA4FEBB3-4472-4AC5-82AC-B071650DD8AC}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{F5F81FAF-AA14-441B-BD93-052AFA897308}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F8CAA231-0B9A-4F54-A530-D0957455B928}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv™ media server discovery |
"{FF57C33E-A241-4380-BDD7-B9F734CAAD49}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0835D91D-5728-413F-B6B3-C24B0B618674}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AB924B8-91F3-489B-BF51-97CA60D553AC}" = protocol=17 | dir=in | app=c:\program files\drobo\drobo dashboard\support\ddservice.exe |
"{0D6C148A-5A03-4095-947A-CED6F5733B16}" = protocol=6 | dir=in | app=c:\users\ultimatelurker\appdata\local\tversity\media server\mediaserver.exe |
"{0ED20E06-E327-4FB4-83F2-A5FEFC45162B}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{1971B8F5-C280-46FD-B8E7-31FCB408F371}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1A00667C-6B94-4A4E-84FB-FC63F406A647}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{1A5DA45D-38F4-4060-9780-D64625F4FD00}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{22227E76-DFBD-4FA8-B9B8-B58E804A8A97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{285F2C60-D1B8-4D06-BADD-47A31EB59211}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{2AD97211-6925-4CBC-A143-821D80532606}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{32FC3BF5-436A-4663-86F9-BF922F22DD15}" = protocol=6 | dir=in | app=c:\program files\drobo\drobo dashboard\support\ddservice.exe |
"{35C3B63D-E343-46BD-BA3C-DE0E243C2145}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{41B89958-4C56-4568-BCA0-D7DFB96A4BFC}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{4F72F336-B927-4534-9EE1-5A1BCCA96DD7}" = protocol=6 | dir=in | app=c:\program files\drobo\drobo dashboard\support\ddservice.exe |
"{5473F5CA-B287-4A7B-BE2C-AB726C926639}" = protocol=6 | dir=in | app=k:\music\itunes\itunes.exe |
"{54E86628-C28D-4D13-A6CA-3649C06DC755}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{6F16093C-DD4C-4B20-9293-734C13DF6534}" = protocol=6 | dir=out | app=system |
"{70766E8D-2FC3-4158-91F8-214D77359A69}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{87B2689B-DFCE-4D56-80C8-D7FA93579494}" = protocol=17 | dir=in | app=c:\users\ultimatelurker\appdata\local\tversity\media server\mediaserver.exe |
"{87D4A748-D272-44FC-AEA1-1FFE796BBFDC}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{9C36E1B2-DCBA-41E1-94AD-3109920D1659}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AC5D5109-9C6D-43DA-8A07-BC17112F28A0}" = protocol=17 | dir=in | app=k:\music\itunes\itunes.exe |
"{AEBE19EE-0B4B-49A9-8DA4-940DCF125EC5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B374A365-44D5-4FBE-9FBE-DA82955B65C8}" = protocol=17 | dir=in | app=c:\program files\drobo\drobo dashboard\support\ddservice.exe |
"{BAC82205-75FF-4780-81AF-80652F727A8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C2AA373A-0E7D-44AA-872B-063BFC86F8FE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CB4E490D-8CA9-4CE6-BDC3-40259C0C06DB}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CD86F908-3D6B-429C-AA15-83D392E79A00}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{D284625E-FF42-450B-848F-A49B457C1734}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D3263F05-8ECB-4BB5-BAE4-D8D23AA6A0F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{DBB64A5A-25E1-402B-9601-5B0A39E16D35}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{E2A9A2B9-29BF-4A2C-BD0A-DC2C42A25515}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{E2B3FE71-EA2D-46A4-B6DC-4E40152F6B40}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{F709C52C-616F-47EA-B04D-4D390805F599}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"TCP Query User{092D2991-E685-41CA-9D06-436A65D95647}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5953030D-8904-482E-9EC6-EB1D2F655B9F}C:\users\ultimatelurker\my book back-up\music\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\users\ultimatelurker\my book back-up\music\itunes\itunes.exe |
"TCP Query User{5F844FAD-AA18-4585-8BBB-344CD1C32EE3}K:\music\itunes\itunes.exe" = protocol=6 | dir=in | app=k:\music\itunes\itunes.exe |
"TCP Query User{D9FB67CF-DC3F-415B-9608-0B5BC1E4B068}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |
"UDP Query User{6435C0A0-012F-4ECC-9A36-AD4C2A8819C5}C:\users\ultimatelurker\my book back-up\music\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\users\ultimatelurker\my book back-up\music\itunes\itunes.exe |
"UDP Query User{795DF1C6-C999-4538-8745-2D76AD02C166}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{E7B754F9-AE56-4FF6-9A8B-3B06F4360CBB}K:\music\itunes\itunes.exe" = protocol=17 | dir=in | app=k:\music\itunes\itunes.exe |
"UDP Query User{F3F68692-A8EA-44F3-AB95-BF7EB3AC1F16}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26C610BF-761B-4209-BD6A-A0F1B73D6DDE}" = Intel® Viiv™ Software
"{288DB08D-0708-4A94-B055-55B99E39EB62}" = Adobe Creative Suite 5 Master Collection
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{333B10B5-5DD1-44C0-891C-9738FDE14CC1}" = Drobo Dashboard
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3E2C691B-B7E6-4053-B5C3-94B8BC407E7A}" = Adobe Premiere Elements 4.0
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}" = User's Guides
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{659B48CD-0608-4ED5-94C0-0B6C87114F10}" = Apple Mobile Device Support
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7CBD8A89-45F4-4203-9923-673F72603747}" = Adobe Photoshop Lightroom 2.3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Documentation & Support Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8EDBA74D-0686-4C99-BFDD-F894678E5102}" = Adobe Common File Installer
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A89768CF-CD21-44FD-A723-16D5A8557415}" = NEF Codec
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{AC76BA86-7AD7-5760-0000-705000000001}" = Adobe Reader Japanese Fonts
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CB30938E-2BCE-4837-9FEB-EB5DAB000235}" = LucisArt 3 ED/SE
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CC5702D7-86E2-45A8-99D7-E8B976ADCC56}" = iTunes
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.70
"{F85C7118-F3DC-4ED9-AB27-3E7931EA3D88}" = Adobe Premiere Elements 4.0 Templates
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire 3.5
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.2 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ERUNT_is1" = ERUNT 1.1j
"ffdshow_is1" = ffdshow [rev 1723] [2007-12-24]
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"InstallShield_{F65FE148-FCF5-42F7-8803-FA0B7DA8B8A4}" = ubCore 5.70
"Intel® Configuration Center" = Intel® Viiv™ Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Media Player - Codec Pack" = Media Player Codec Pack 3.1.0
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 5.0
"PhotomatixPro3_is1" = Photomatix Pro version 3.0
"PremElem40" = Adobe Premiere Elements 4.0
"PremElem40Templates" = Adobe Premiere Elements 4.0 Templates
"TVersity Codec Pack" = TVersity Codec Pack 1.2
"TVersity Media Server" = TVersity Media Server 1.8 Beta
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2008 8:32:38 AM | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 5/24/2008 9:53:39 AM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application UPNP.exe, version 1.0.3.19, time stamp 0x45fe1d75,
faulting module hnetcfg.dll_unloaded, version 0.0.0.0, time stamp 0x4549bce3, exception
code 0xc0000005, fault offset 0x6f67cdd7, process id 0x61c, application start time
0x01c8bda5820b65c6.

Error - 6/19/2008 6:27:16 PM | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/19/2008 6:27:20 PM | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/19/2008 6:27:21 PM | Computer Name = Home | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 6/30/2008 12:53:04 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16681, time stamp
0x48113d17, faulting module FlDbg9c.ocx, version 9.0.45.0, time stamp 0x45db8aeb,
exception code 0xc0000005, fault offset 0x001a354a, process id 0xa6c, application
start time 0x01c8dad079dc42b0.

Error - 7/15/2008 12:49:54 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16681, time stamp
0x48113d17, faulting module ntdll.dll, version 6.0.6000.16386, time stamp 0x4549bdc9,
exception code 0xc0000374, fault offset 0x000af1c9, process id 0x1788, application
start time 0x01c8e6780f9b5040.

Error - 8/1/2008 12:30:19 PM | Computer Name = Home | Source = System Restore | ID = 8193
Description =

Error - 8/2/2008 7:12:31 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16681, time stamp
0x48113d17, faulting module FlDbg9c.ocx, version 9.0.45.0, time stamp 0x45db8aeb,
exception code 0xc0000005, fault offset 0x000f87fe, process id 0x1e20, application
start time 0x01c8f4f47f0aa220.

Error - 8/5/2008 8:47:15 PM | Computer Name = Home | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16681, time stamp
0x48113d17, faulting module mshtml.dll, version 7.0.6000.16681, time stamp 0x48115c39,
exception code 0xc0000005, fault offset 0x0017d234, process id 0xd48, application
start time 0x01c8f75c9f265300.

[ Media Center Events ]
Error - 12/13/2007 12:54:13 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 5/23/2008 1:43:18 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 5/26/2008 2:17:58 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/2/2008 12:46:00 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 6/8/2008 9:22:14 AM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight.

Error - 10/6/2008 7:41:50 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/27/2008 7:38:06 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/28/2008 6:38:22 PM | Computer Name = Home | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/28/2008 6:44:59 PM | Computer Name = Home | Source = Media Center Guide | ID = 0
Description = Event Info: ERROR: SqmApiWrapper.TimerRecord failed; Win32 GetLastError
returned 10000105 Process: DefaultDomain Object Name: Media Center Guide

Error - 10/11/2009 11:13:18 PM | Computer Name = Home | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ System Events ]
Error - 6/3/2010 11:55:53 PM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 6/4/2010 12:14:07 AM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:13:06 PM on 6/3/2010 was unexpected.

Error - 6/4/2010 12:17:25 AM | Computer Name = Home | Source = Service Control Manager | ID = 7009
Description =

Error - 6/4/2010 12:17:25 AM | Computer Name = Home | Source = Service Control Manager | ID = 7000
Description =

Error - 6/4/2010 12:20:16 AM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 6/4/2010 12:22:03 AM | Computer Name = Home | Source = DCOM | ID = 10010
Description =

Error - 6/4/2010 12:24:11 AM | Computer Name = Home | Source = Service Control Manager | ID = 7034
Description =

Error - 6/4/2010 12:31:45 AM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:29:48 PM on 6/3/2010 was unexpected.

Error - 6/4/2010 12:36:39 AM | Computer Name = Home | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:34:26 PM on 6/3/2010 was unexpected.

Error - 6/4/2010 12:39:23 AM | Computer Name = Home | Source = DCOM | ID = 10010
Description =


< End of report >

#9
VisualEchos

    Member

  • Topic Starter
  • 33 posts
And my MBAM log.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4168

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

6/3/2010 6:50:54 PM
mbam-log-2010-06-03 (18-50-54).txt

Scan type: Quick scan
Objects scanned: 135685
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)