That Nasty Google Redirect Virus Again


  • This topic is locked

#1
pelican2011

    New Member

  • Member
  • 3 posts
I recently began noticing a couple of weeks ago that my search results links in Google were taking me to random places I had never searched for. I did nothing for a while thinking that my next virus scan would solve the problem. It never did. I went to the Google Tools site and downloaded their recommended anti-spyware tools. Running these tools (Immunet Protect, PCTools Spyware Doctor) as well as the free version of SuperAntiSpyware did catch a few trojans but did not solve the larger problem of the redirects. I have run the scans and cleaners on your malware page with no significant effect. I'm thinking that it may be a newer version of the virus that slips past all the scanners. This seems to be a tough nut to crack. OTL logs attached.

#2
Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi Pelican2011,

Welcome to Geekstogo. My name is Salagubang and I'll be helping you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • English is not my first language, so please do not use slang or idioms, as this makes it difficult to understand for me.

+++++++++++++++++++++++++++++++++++++++++++

We start with a rootkit scan.

GMER Rootkit Scanner
  • GMER Rootkit Scanner - Download - Homepage
  • Download GMER
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

    NOTE - Not all of the tick boxes will be available if you are running a 64-bit Operating System. You may also get an error message displayed on the screen when using a 64-bit Operating System. This is normal; just click on OK and let it carry on.

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.

**Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.


  • 0
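
The caution about false positives applies directly to the SSDT section of a GMER report, where installed security products legitimately hook kernel services. The following is an added example, not part of the original posts and not GMER's or the forum's own tooling: it parses SSDT lines in the format seen in the log posted in this thread and attributes each hooked service to a security product the user reports having installed. The product keywords, the function names and the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# SSDT line layout as it appears in the log in this thread:
#   SSDT <module> (<description>/<vendor>) <service> [0xADDRESS]
# The parenthesised strings are assumed to be the driver file's own
# description and company text, i.e. self-declared by the file.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>.+?)\s+\((?P<desc>.*)/(?P<vendor>[^/()]*)\)\s+"
    r"(?P<service>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]\s*$"
)

# Products the poster says are installed, each with a lowercase keyword
# to look for. The keywords are assumptions chosen for this example.
INSTALLED = {
    "PC Tools Spyware Doctor": "pc tools",
    "Immunet Protect": "immunet",
    "SUPERAntiSpyware": "superantispyware",
}

# Three SSDT lines from the log in this thread, plus one CONSTRUCTED line
# (exampledrv.sys) that matches none of the installed products.
SAMPLE_LOG = r"""---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF77726FA]
SSDT \SystemRoot\system32\DRIVERS\ImmunetSelfProtect.sys (Immunet Self Protect Driver/Windows ® Codename Longhorn DDK provider) ZwOpenProcess [0xF7BAFCCE]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED55F620]
SSDT \SystemRoot\system32\drivers\exampledrv.sys (Example Driver/Example Vendor) ZwCreateFile [0xF0000000]
"""


def parse_ssdt(line):
    """Return the fields of one SSDT line, or None for any other line."""
    m = SSDT_RE.match(line.strip())
    return m.groupdict() if m else None


def triage(log_text, installed):
    """Split SSDT hooks into those attributable to an installed product
    and those that are not.

    Matching looks at the module path, description and vendor together,
    because the vendor field alone can be generic (the Immunet driver's
    vendor string does not contain the product name).
    """
    attributed = defaultdict(list)
    unattributed = []
    for line in log_text.splitlines():
        hook = parse_ssdt(line)
        if hook is None:
            continue  # section headers, blank lines, other report sections
        haystack = " ".join(
            (hook["module"], hook["desc"], hook["vendor"])
        ).lower()
        owner = next(
            (name for name, kw in installed.items() if kw in haystack), None
        )
        if owner:
            attributed[owner].append(hook["service"])
        else:
            unattributed.append(hook)
    return dict(attributed), unattributed


if __name__ == "__main__":
    known, unknown = triage(SAMPLE_LOG, INSTALLED)
    for product, services in known.items():
        print(f"{product}: {', '.join(services)}")
    for hook in unknown:
        # A name match is only a triage hint: the strings come from the
        # file itself, so an unmatched OR matched driver still needs its
        # path and signature checked before any conclusion is drawn.
        print(f"needs review: {hook['module']} hooks {hook['service']}")
```
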

#3
pelican2011

    New Member

  • Topic Starter
  • Member
  • 3 posts
I've run GMER. Not much of interest except maybe the Google Toolbar entry. Let me know what you think. Thanks.

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-03-10 07:45:43
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD800BB-53CAA1 rev.17.07W17
Running: gmer.exe; Driver: C:\DOCUME~1\ROBERT~1.MON\LOCALS~1\Temp\fwrdypoc.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF77726FA]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7750F68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7751230]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF77730B4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF777343E]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7771938]
SSDT \SystemRoot\system32\DRIVERS\ImmunetSelfProtect.sys (Immunet Self Protect Driver/Windows ® Codename Longhorn DDK provider) ZwOpenProcess [0xF7BAFCCE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7773982]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7772AB8]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xED55F620]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 108 804E2774 5 Bytes [68, 0F, 75, F7, 30] {PUSH 0x30f7750f}
.text ntoskrnl.exe!_abnormal_termination + 10E 804E277A 2 Bytes [75, F7] {JNZ 0xfffffffffffffff9}
.text C:\WINDOWS\System32\DRIVERS\nv4_mini.sys section is writeable [0xF6D6C340, 0xFFF3F, 0xF8000020]
.text C:\WINDOWS\System32\nv4_disp.dll section is writeable [0xBF012300, 0x234A20, 0xF8000020]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xEC8C2400, 0x51DAE, 0xE0000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEC92CC20] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xEC92CC20]
.protect˙˙˙˙hardlockunknown last code section [0xEC92CA00, 0x5421, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xEC92CA00, 0x5421, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[1064] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\system32\csrss.exe[1064] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 03040001
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01190001
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe[1112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C20001
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[1136] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00DC0001
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[1148] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006D0001
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe[1216] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01570001
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1320] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02790001
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1428] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE[1460] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FE0001
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1572] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71]
.text C:\WINDOWS\System32\svchost.exe[1572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02200001
.text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1620] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 062B0001
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2672] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [93, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [87, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9F, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [99, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [96, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8A, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9C, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [84, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [90, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8D, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [81, 71]
.text C:\WINDOWS\System32\tcpsvcs.exe[2776] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009F0001
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\snmp.exe[2796] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71]
.text C:\WINDOWS\System32\snmp.exe[2796] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 008E0001
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2816] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\WINDOWS\System32\svchost.exe[2816] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EB0001
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9B, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8F, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A7, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A1, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9E, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [92, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A4, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8C, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [98, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [95, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [89, 71]
.text C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe[2928] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007B0001
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [82, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [97, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8B, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A3, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9D, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9A, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8E, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A0, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [88, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [94, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [91, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [85, 71]
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 0B690001
.text C:\WINDOWS\system32\SearchIndexer.exe[3188] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [92, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [86, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [98, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [95, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [89, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [83, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqsvc.exe[3384] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [80, 71]
.text C:\WINDOWS\system32\mqsvc.exe[3384] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [7F, 71] {JG 0x73}
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [94, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [88, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9A, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [97, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8B, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [9D, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [85, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [91, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [8E, 71]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[3584] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [82, 71]
.text C:\WINDOWS\System32\alg.exe[3584] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [83, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [98, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [89, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [95, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [92, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\wuauclt.exe[3628] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\wuauclt.exe[3628] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 029F0001
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [87, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [9C, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [AE, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [90, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [A2, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtRenameKey 7C90DA5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtRenameKey + 4 7C90DA62 2 Bytes [9F, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [93, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [A5, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [8D, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [99, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteFileGather 7C90DF8E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteFileGather + 4 7C90DF92 2 Bytes [96, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [8A, 71]
.text C:\Documents and Settings\Robert.MONSTER\Desktop\gmer.exe[3740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003A0001
.text C:\WINDOWS\system32\mqtgsvc.exe[3816] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\mqtgsvc.exe[3816] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [86, 71]
.text C:\WINDOWS\system32\mqtgsvc.exe[3816] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\system32\mqtgsvc.exe[3816] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp Mpfp.sys (McAfee Personal Firewall Plus Driver/McAfee, Inc.)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
  • 0

#4
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Hi,

Thank you for posting the log I requested. Let's see if this is one of the new variants.

Please download MBRCheck.exe to your Desktop. Run the application.

If no infection is found, it will produce a report on the desktop. Post that report in your next reply.

If an infection is found, you will be presented with the following dialog:

Enter 'Y' and hit ENTER for more options, or 'N' to exit:


Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
  • 0

#5
pelican2011

pelican2011

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Here is the MBRCheck Report:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 151):

Processes (total 50):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: WDCWD800BB-53CAA1, Rev: 17.07W17
PhysicalDrive1 Model Number: WDCWD2500JB-00EVA0, Rev: 15.05R15
PhysicalDrive2 Model Number: WDMy Book, Rev: 1011

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
232 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
931 GB \\.\PhysicalDrive2 RE: Legit MBR code detected
SHA1: 317A49A9E93F077F2D004734D2A7B6CA7E7B9495


Done!
  • 0

#6
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Please download ComboFix from one of these locations:

Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

#7
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
double post
  • 0

#8
Salagubang

Salagubang

    Trusted Helper

  • Malware Removal
  • 3,891 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





