Hello, sorry for the delay, very busy weekend. Here are the logs and I will PM you with MBR.dat afterwards. Also wanted to mention that every time I run these scans it seems like immediately after more spyware pops up. I am assuming that is the virus/trojan attempting to re-establish itself after being roughed up by the scans. For instance, after running these scans, I have a new program running in the task manager called "msltus4032.exe"; this is a new process that I haven't seen before. I'm assuming it's spyware. What's your take on it?
Logs:
OTL logfile created on: 5/30/2011 08:44:02 PM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop\Geeks2Go
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.79 Gb Total Space | 11.31 Gb Free Space | 4.94% Space Free | Partition Type: NTFS
Drive D: | 4.09 Gb Total Space | 2.01 Gb Free Space | 49.07% Space Free | Partition Type: FAT32
Drive E: | 592.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive F: | 6.60 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1.89 Gb Total Space | 1.13 Gb Free Space | 59.63% Space Free | Partition Type: FAT
Computer Name: ANDERWOLF | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/29 17:58:41 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\system32\wscsvc32.exe
PRC - [2011/05/29 17:58:41 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\system32\msltus4032.exe
PRC - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
PRC - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/11 12:09:16 | 000,364,544 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe
PRC - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
PRC - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVSRV51.EXE
PRC - [2006/08/08 18:25:32 | 000,106,496 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
PRC - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\FIREWALL\PNmSrv.exe
PRC - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PAVFNSVR.EXE
PRC - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe
PRC - [2006/06/29 11:04:42 | 000,069,632 | ---- | M] (Panda Software International) -- c:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
PRC - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
PRC - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/01/31 16:42:04 | 000,073,728 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\SrvLoad.exe
PRC - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) -- C:\Program Files\Common Files\Panda Software\PavShld\PavPrSrv.exe
PRC - [2005/01/22 18:42:16 | 000,440,832 | ---- | M] (Stardock Systems, Inc) -- C:\Program Files\AlienGUIse\wbload.exe
PRC - [2005/01/19 17:34:16 | 000,128,000 | ---- | M] ( ) -- C:\Program Files\CursorXP\CursorXP.exe
PRC - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe
========== Modules (SafeList) ==========
MOD - [2011/05/13 10:14:04 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\Geeks2Go\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2006/09/26 16:26:44 | 000,245,760 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\PavSHook.dll
MOD - [2006/07/21 14:35:28 | 000,139,264 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\TpUtil.dll
MOD - [2006/06/27 19:36:40 | 000,101,888 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\SYSTOOLS.DLL
MOD - [2006/06/16 14:44:34 | 000,057,344 | ---- | M] (Panda Software) -- C:\WINDOWS\system32\pavipc.dll
MOD - [2006/03/06 18:08:00 | 000,102,400 | ---- | M] (Panda Software International) -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavoepl.dll
MOD - [2005/01/24 21:48:46 | 000,498,232 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wblind.dll
MOD - [2005/01/19 17:34:24 | 000,014,848 | ---- | M] ( ) -- C:\Program Files\CursorXP\CurXP0.dll
MOD - [2004/09/18 15:37:00 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\AlienGUIse\wbhelp.dll
MOD - [2000/04/03 18:33:36 | 000,028,160 | ---- | M] (Neil Banfield) -- C:\Program Files\AlienGUIse\anim.dll
========== Win32 Services (SafeList) ==========
SRV - [2011/05/29 17:58:41 | 000,776,704 | ---- | M] (CrypKey Inc.) [Auto | Running] -- C:\WINDOWS\system32\msltus4032.exe -- (UPS32)
SRV - [2008/12/03 23:12:16 | 000,077,824 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Auto | Running] -- C:\Program Files\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2008/12/03 22:25:10 | 000,159,744 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [On_Demand | Stopped] -- C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe -- (digiSPTIService)
SRV - [2006/10/09 16:15:38 | 000,348,160 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe -- (TPSrv)
SRV - [2006/08/08 18:26:18 | 000,151,552 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe -- (PAVSRV)
SRV - [2006/08/02 14:05:54 | 000,811,008 | ---- | M] (Panda Software International) [Auto | Running] -- c:\program files\panda software\panda internet security 2007\firewall\PNMSRV.EXE -- (PNMSRV)
SRV - [2006/07/25 18:03:42 | 002,119,360 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2006/07/25 18:03:42 | 000,100,032 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
SRV - [2006/07/21 12:22:32 | 000,159,744 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2006/07/04 14:25:34 | 000,102,400 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\PsImSvc.exe -- (PSIMSVC)
SRV - [2006/03/31 14:50:52 | 000,411,096 | ---- | M] (Panda Software International) [Auto | Running] -- C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe -- (pmshellsrv)
SRV - [2006/02/07 13:38:01 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2005/07/25 02:02:22 | 000,032,768 | ---- | M] (Panda Software) [Auto | Running] -- C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe -- (PavPrSrv)
SRV - [2002/12/17 18:26:22 | 007,520,337 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -- (MSSQL$SONY_MEDIAMGR)
SRV - [2002/12/17 18:23:30 | 000,311,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -- (SQLAgent$SONY_MEDIAMGR)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Running] -- -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] -- -- (ComFiltr)
DRV - File not found [File_System | On_Demand | Running] -- -- (AvFlt)
DRV - [2010/09/30 11:19:11 | 000,054,328 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iLokDrvr.sys -- (iLokDrvr)
DRV - [2010/07/09 12:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Program Files\CPUID\PC Wizard 2010\pcwiz_x32.sys -- (cpuz134)
DRV - [2009/12/23 11:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/08/22 13:25:00 | 000,009,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner32.sys -- (RivaTuner32)
DRV - [2009/01/31 12:47:36 | 000,163,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\vidstub.sys -- (BootScreen)
DRV - [2009/01/29 23:22:46 | 000,137,992 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PnkBstrK.sys -- (PnkBstrK)
DRV - [2008/12/04 03:02:08 | 000,021,904 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2midk.sys -- (MBX2MIDK)
DRV - [2008/12/04 03:02:04 | 000,021,648 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbx2dfu.sys -- (MBX2DFU)
DRV - [2008/12/04 03:02:02 | 000,016,400 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2008/12/04 03:01:50 | 000,097,808 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Dalwdm.sys -- (dalwdmservice)
DRV - [2008/05/14 21:48:17 | 003,098,112 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2007/12/20 03:31:12 | 000,278,984 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/06 14:55:18 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/09/06 14:42:55 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2007/05/27 00:44:32 | 000,025,544 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2007/02/25 21:55:19 | 000,076,560 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2007/01/20 02:11:07 | 000,031,644 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2006/10/10 16:02:46 | 000,141,312 | ---- | M] (Panda Software International) [NDIS Layer] [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\NETFLT.SYS -- (netflt)
DRV - [2006/09/28 15:58:26 | 000,016,256 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\wnmflt.sys -- (WNMFLT)
DRV - [2006/08/24 22:47:00 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/08/24 22:47:00 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/08/03 16:37:56 | 000,044,544 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\APPFLT.SYS -- (APPFLT)
DRV - [2006/08/02 14:15:48 | 000,023,296 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\smsflt.sys -- (SMSFLT)
DRV - [2006/08/02 14:10:18 | 000,185,472 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idsflt.sys -- (IDSFLT)
DRV - [2006/08/02 14:08:48 | 000,036,864 | ---- | M] (Panda Software International) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dsaflt.sys -- (DSAFLT)
DRV - [2006/07/01 23:39:40 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/29 22:50:46 | 000,009,216 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fnetmon.sys -- (FNETMON)
DRV - [2006/05/11 22:26:48 | 000,103,936 | ---- | M] (Panda Software) [TDI Layer] [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\netfltdi.sys -- (NETFLTDI)
DRV - [2006/04/25 10:02:48 | 000,165,120 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PavProc.sys -- (PavProc)
DRV - [2006/03/27 18:53:28 | 000,167,808 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wg111v2.sys -- (RTLWUSB)
DRV - [2006/02/22 03:43:34 | 000,071,552 | ---- | M] (Panda Software International) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\pavdrv51.sys -- (PAVDRV)
DRV - [2005/09/26 18:07:00 | 003,644,800 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/08/29 07:23:30 | 000,026,752 | ---- | M] (Panda Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\ShldDrv.sys -- (ShldDrv)
DRV - [2005/08/12 14:36:56 | 000,016,640 | ---- | M] (Panda Software) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpoint.sys -- (cpoint)
DRV - [2005/07/29 20:11:04 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2005/07/29 20:11:02 | 000,034,048 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2005/03/17 11:51:16 | 001,033,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/03/17 11:50:36 | 000,221,440 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2005/03/17 11:50:32 | 000,705,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/20 20:02:00 | 000,012,544 | R--- | M] (KORG Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KORGUMDS.SYS -- (KORGUMDS)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = C9 A4 B9 41 A0 7F E6 47 96 F8 2C 78 22 31 8C 97 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {45501068-1DB2-4B37-A104-9C301A4F02A4}:1.9.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.7
FF - prefs.js..extensions.enabledItems: {7694c49c-9fbd-11dc-8314-0800200c9a66}:3.6.7
FF - HKLM\software\mozilla\Firefox\extensions\\{45501068-1DB2-4B37-A104-9C301A4F02A4}: C:\Documents and Settings\Owner\Local Settings\Application Data\{45501068-1DB2-4B37-A104-9C301A4F02A4} [2010/01/15 00:58:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/02 12:13:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/14 00:02:40 | 000,000,000 | ---D | M]
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/25 13:59:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\[email protected]
[2011/05/29 17:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions
[2010/07/23 11:31:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/22 10:27:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/03/10 00:48:09 | 000,000,000 | ---D | M] (Aquatint Black) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}
[2011/05/30 14:21:30 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{9b48f8c5-e8a2-4150-bbee-d70407cf130b}
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2009/11/17 13:58:08 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\chrome
[2011/03/10 00:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\[email protected]\defaults
[2011/03/10 00:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\extensions\{7694c49c-9fbd-11dc-8314-0800200c9a66}\chrome\win\mozapps\extensions
[2009/03/23 17:53:46 | 000,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\g18onkhq.default\searchplugins\aim-search.xml
[2011/03/25 20:14:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/06/09 16:08:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/05/02 16:25:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/07/30 16:23:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\G18ONKHQ.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2009/08/05 16:07:49 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/02 12:13:46 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/09 02:11:22 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/08/09 02:30:36 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml
O1 HOSTS File: ([2011/05/25 19:47:47 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {41B9A4C9-7FA0-47E6-96F8-2C7822318C97} - C:\WINDOWS\system32\atiiiexx32.dll ()
O2 - BHO: (44387339) - {43CB8033-D0FF-6A03-6264-519FA52E73F9} - C:\WINDOWS\system32\imeshare32.dll ()
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE (Panda Software International)
O4 - HKLM..\Run: [BootSkin Startup Jobs] C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe (Digidesign, A Division of Avid Technology, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe ()
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe (Panda Software International)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKCU..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe ( )
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd.)
F3 - HKCU WinNT: Load - () - File not found
F3 - HKCU WinNT: Run - () - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_21.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - c:\program files\panda software\panda internet security 2007\pavlsp.dll (Panda Software International)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
O20 - AppInit_DLLs: (C:\WINDOWS\system32\imeshare32.dll) - C:\WINDOWS\system32\imeshare32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avldr: DllName - avldr.dll - C:\WINDOWS\System32\avldr.dll (Panda Software)
O20 - Winlogon\Notify\WB: DllName - C:\PROGRA~1\ALIENG~1\fastload.dll - C:\Program Files\AlienGUIse\fastload.dll (Stardock)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/01/09 20:13:09 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [1997/09/30 13:25:44 | 000,173,568 | R--- | M] (EA Sports ) - E:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [1997/09/14 15:41:28 | 000,000,054 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2011/04/19 13:09:27 | 000,000,059 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{314c8792-b0e2-11dc-b9ad-0015583757e9}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2011/04/19 13:09:27 | 000,596,187 | R--- | M] (Valve )
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a2986cfd-a9f1-11dd-ba55-0015583757e9}\Shell\AutoRun\command - "" = N:\LaunchU3.exe -a
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7287-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = L:\Autorun.exe
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell - "" = AutoRun
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b04c7289-aed2-11dc-b9ac-0015583757e9}\Shell\AutoRun\command - "" = N:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/29 17:58:46 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\wscsvc32.exe
[2011/05/29 17:58:44 | 000,776,704 | ---- | C] (CrypKey Inc.) -- C:\WINDOWS\System32\msltus4032.exe
[2011/05/25 19:41:39 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/23 00:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SKIDROW
[2011/05/23 00:43:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Valve
[2011/05/22 23:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011/05/18 12:03:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Phone Stuff
[2011/05/17 11:56:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Geeks2Go
[2011/05/14 20:57:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/05/14 20:57:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2011/05/14 00:10:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/05/12 11:49:31 | 000,114,176 | ---- | C] (CPUID) -- C:\WINDOWS\System32\PCWizard.cpl
[2011/05/12 11:49:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CPUID
[2011/05/12 11:49:27 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2011/05/12 02:47:42 | 000,000,000 | ---D | C] -- C:\1c80e9306499ed317d57f2b03d
[2011/05/12 02:21:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/05/12 02:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
[2011/05/11 09:53:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Owl City ---- Ocean Eyes --- Deluxe Edition
[2011/05/09 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011/05/09 22:25:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\2K Games
[2011/05/09 22:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2011/05/08 23:22:51 | 000,000,000 | ---D | C] -- C:\Program Files\Paradox Interactive
[2011/05/07 14:49:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\BioWare
[2011/05/07 14:47:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dragon Age II
[2011/05/07 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Dragon Age 2
[2011/05/07 14:35:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010/09/17 17:43:30 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/05/30 14:30:41 | 000,000,019 | ---- | M] () -- C:\WINDOWS\System32\64cb246b
[2011/05/29 17:58:49 | 000,811,996 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2011/05/29 17:58:46 | 000,167,936 | ---- | M] () -- C:\WINDOWS\System32\imeshare32.dll
[2011/05/29 17:58:46 | 000,000,091 | ---- | M] () -- C:\WINDOWS\System32\1323643931
[2011/05/29 17:58:41 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\wscsvc32.exe
[2011/05/29 17:58:41 | 000,776,704 | ---- | M] (CrypKey Inc.) -- C:\WINDOWS\System32\msltus4032.exe
[2011/05/29 17:58:41 | 000,365,568 | ---- | M] () -- C:\WINDOWS\System32\atiiiexx32.dll
[2011/05/28 20:08:38 | 000,058,164 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/05/28 17:34:46 | 000,001,132 | ---- | M] () -- C:\WINDOWS\System32\drivers\APPFLTR.CFG
[2011/05/28 17:33:58 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/28 17:32:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/28 17:32:16 | 2145,964,032 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/27 21:42:19 | 000,094,720 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/26 12:15:25 | 001,509,462 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\02.wmv
[2011/05/25 20:27:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 00:43:14 | 000,001,635 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Portal 2.lnk
[2011/05/22 10:12:08 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/05/14 21:28:01 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2011/05/13 11:22:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/12 14:54:48 | 004,734,976 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\www.fooxy.com_02.mpg
[2011/05/11 20:31:54 | 002,733,480 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\01.wmv
[2011/05/08 23:16:09 | 000,000,023 | ---- | M] () -- C:\WINDOWS\BlendSettings.ini
[2011/05/08 08:17:10 | 000,006,793 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Gander.jpg
[1 C:\Documents and Settings\Owner\*.tmp files -> C:\Documents and Settings\Owner\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/05/30 12:54:11 | 000,000,019 | ---- | C] () -- C:\WINDOWS\System32\64cb246b
[2011/05/29 17:58:45 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\imeshare32.dll
[2011/05/29 17:58:44 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\1323643931
[2011/05/29 17:58:41 | 000,365,568 | ---- | C] () -- C:\WINDOWS\System32\atiiiexx32.dll
[2011/05/26 12:15:21 | 001,509,462 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\02.wmv
[2011/05/25 20:27:09 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/23 00:43:14 | 000,001,635 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Portal 2.lnk
[2011/05/22 10:12:08 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MBR.dat
[2011/05/14 20:48:26 | 2145,964,032 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/12 14:54:42 | 004,734,976 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\www.fooxy.com_02.mpg
[2011/05/11 20:31:51 | 002,733,480 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\01.wmv
[2011/05/08 08:17:10 | 000,006,793 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Gander.jpg
[2011/02/22 13:59:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2011/02/22 13:58:39 | 000,887,724 | R--- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2011/02/22 13:58:37 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2011/01/19 13:58:21 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\drivers\wnmsav.dat
[2011/01/09 22:40:34 | 000,000,260 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/12/06 22:47:20 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\sypfrq.sys
[2010/09/17 17:43:30 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\inst.exe
[2010/09/17 17:43:30 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
[2010/09/17 17:43:30 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
[2010/09/16 19:29:14 | 000,001,057 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\vso_ts_preview.xml
[2010/03/14 20:36:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/03/10 09:50:43 | 000,058,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/02/11 07:15:50 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/08/31 18:24:57 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Composer.INI
[2009/02/26 13:47:56 | 000,042,320 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/01/28 22:55:47 | 000,066,936 | -HS- | C] () -- C:\WINDOWS\dlinfo_0.drv
[2009/01/28 22:55:05 | 000,061,440 | ---- | C] () -- C:\WINDOWS\diabunin.exe
[2009/01/13 19:04:52 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Thps3.INI
[2009/01/11 21:50:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/06/27 11:08:52 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/06/05 06:32:13 | 000,000,779 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\AtomicAlarmClock.ini
[2008/06/05 06:32:13 | 000,000,525 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\alarms.ini
[2008/04/14 16:20:35 | 000,001,131 | ---- | C] () -- C:\WINDOWS\Monitor.ini
[2007/12/29 20:04:01 | 000,001,994 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2007/12/20 03:59:31 | 000,009,728 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
[2007/12/03 01:54:33 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/13 23:22:10 | 000,137,992 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/11/13 23:22:05 | 000,201,816 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2007/11/13 23:21:58 | 000,066,872 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2007/11/02 14:05:51 | 000,086,528 | ---- | C] () -- C:\WINDOWS\bnetunin.exe
[2007/09/06 14:55:19 | 000,278,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/06 14:55:18 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/21 21:50:45 | 000,811,996 | ---- | C] () -- C:\WINDOWS\System32\drivers\APPFCONT.DAT
[2007/08/21 16:51:16 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2007/08/21 14:36:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2007/07/09 14:07:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/06/27 09:54:39 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2007/05/24 06:57:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
[2007/05/24 00:00:18 | 000,187,392 | ---- | C] () -- C:\WINDOWS\System32\JPGUtils.dll
[2007/04/29 13:26:13 | 000,000,471 | ---- | C] () -- C:\WINDOWS\vsp.ini
[2007/04/28 12:54:35 | 000,000,259 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\Gangsters2Setup.lnk
[2007/04/11 21:09:27 | 000,001,366 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/23 09:26:48 | 000,001,441 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/18 07:12:49 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/02/02 14:40:11 | 003,107,788 | R--- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2007/01/31 19:39:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\CMMGR32.EXE
[2007/01/26 00:28:32 | 000,000,638 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/01/20 02:40:43 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/10/14 04:03:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\wklnhst.dat
[2006/10/14 01:13:58 | 000,000,118 | ---- | C] () -- C:\WINDOWS\wb.ini
[2006/10/01 12:14:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2006/09/28 01:13:48 | 000,000,067 | ---- | C] () -- C:\WINDOWS\AudioMidRecorder.INI
[2006/09/22 02:04:17 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2006/09/22 02:00:20 | 000,172,033 | R--- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/09/13 16:29:00 | 000,163,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\vidstub.sys
[2006/09/07 03:41:52 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2006/09/07 00:57:38 | 000,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2006/09/06 14:42:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2006/08/26 03:33:22 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2006/08/26 03:33:22 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2006/08/26 03:33:22 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2006/08/26 00:27:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/22 04:28:09 | 000,094,720 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/19 20:27:19 | 000,034,027 | ---- | C] () -- C:\WINDOWS\scunin.dat
[2006/08/19 19:52:49 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/02/07 13:34:32 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/02/07 13:33:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/02/07 13:33:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2006/02/07 13:33:26 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/02/07 13:33:11 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/02/07 13:27:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/02/07 13:06:56 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2006/02/07 13:06:55 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/02/07 13:06:55 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/02/07 13:06:53 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/02/07 13:06:51 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/02/07 13:06:51 | 000,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/02/07 13:06:51 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/02/07 13:06:50 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2006/02/07 13:06:47 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2006/02/07 13:06:47 | 000,393,216 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2006/02/07 13:06:47 | 000,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/08/06 00:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/12 11:51:23 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2005/01/09 20:17:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/01/09 20:07:25 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/01/09 18:49:16 | 000,001,220 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 000,000,491 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/01/09 18:48:21 | 000,462,662 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/01/09 18:48:21 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/01/09 18:48:21 | 000,080,266 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/01/09 18:48:21 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/01/09 18:48:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/01/09 18:48:18 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/01/09 18:48:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/01/09 18:48:07 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/01/09 18:48:07 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/01/09 18:48:01 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/01/09 18:47:52 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2005/01/09 12:00:34 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/01/09 11:59:39 | 001,564,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/01/07 18:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
========== Custom Scans ==========
< MD5 for: ATAPI.SYS >
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 19:26:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/10 14:00:00 | 016,971,599 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2008/08/18 19:26:52 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: SPTD.SYS >
[2007/09/06 14:42:55 | 000,685,816 | ---- | M] ()
Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
< End of report >
aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-30 21:54:04
-----------------------------
21:54:04.359 OS Version: Windows 5.1.2600 Service Pack 3
21:54:04.359 Number of processors: 2 586 0x2B01
21:54:04.359 ComputerName: ANDERWOLF UserName: Owner
21:54:06.640 Initialize success
21:54:08.312 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-3
21:54:08.312 Disk 0 Vendor: HDT722525DLAT80 V44OA96A Size: 238475MB BusType: 3
21:54:08.312 Disk 0 MBR read error 0
21:54:08.312 Disk 0 MBR scan
21:54:08.312 Disk 0 unknown MBR code
21:54:08.312 MBR BIOS signature not found 0
21:54:08.312 Disk 0 scanning sectors +488392065
21:54:08.312 Disk 0 scanning C:\WINDOWS\system32\drivers
21:54:16.093 Service scanning
21:54:17.390 Disk 0 trace - called modules:
21:54:17.390 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys sptd.sys >>UNKNOWN [0x843718ac]<<
21:54:17.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84212030]
21:54:17.390 3 CLASSPNP.SYS[ba168fd7] -> nt!IofCallDriver -> \Device\000000a7[0x8426bf18]
21:54:17.390 5 ACPI.sys[b9e55620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-3[0x8426a940]
21:54:17.390 Scan finished successfully
21:58:38.937 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
21:58:38.937 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"
GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-30 23:03:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort1 HDT722525DLAT80 rev.V44OA96A
Running: gmer.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kwryypow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwCreateKey [0xBA4121BA]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteKey [0xBA4122D6]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwDeleteValueKey [0xBA41242A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateKey [0xBA4123B2]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwEnumerateValueKey [0xBA41258A]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwOpenKey [0xBA412264]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryKey [0xBA41233E]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwQueryValueKey [0xBA412512]
SSDT \SystemRoot\System32\Drivers\ShldDrv.SYS (PandaShield driver/Panda Software) ZwSetValueKey [0xBA412498]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software) ZwTerminateProcess [0xA95B14E8]
SSDT \??\C:\WINDOWS\system32\DRIVERS\PavProc.sys (Panda Process Protection driver/Panda Software) ZwTerminateThread [0xA95B0D72]
INT 0xA4 ? FDC88044
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 2FE8 80504884 8 Bytes CALL F2F9A39D
? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? System32\Drivers\ap86bwy4.SYS The system cannot find the path specified. !
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB90C0000, 0x1985C4, 0xE8000020]
.text USBPORT.SYS!DllUnload B90778AC 5 Bytes JMP 83E45770
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA9A0A300, 0x3AE88, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAC545300, 0x1B7E, 0xE8000020]
? system32\drivers\av5flt.sys The system cannot find the path specified. !
? C:\WINDOWS\system32\DRIVERS\COMFiltr.sys The system cannot find the file specified. !
? C:\WINDOWS\system32\PavTPK.sys The system cannot find the file specified. !
? C:\DOCUME~1\Owner\LOCALS~1\Temp\aswMBR.sys The system cannot find the file specified. !
.text ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\AlienGUIse\wbload.exe[404] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[752] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [D1, 03] {ROL DWORD [EBX], 0x1}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [D4, 03] {AAM 0x3}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [D7, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [EC, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [DA, 03] {FIADD DWORD [EBX]}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [DD, 03] {FLD QWORD [EBX]}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [EF, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [F2, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [E0, 03] {LOOPNZ 0x5}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [E3, 03] {JECXZ 0x5}
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [F5, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [C2, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 03AC0F5A
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 03B40F5A
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 03AE0F5A
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [B9, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [BF, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [BC, 03]
.text C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe[2104] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 03B10F5A
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\CursorXP\CursorXP.exe[2160] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS[2504] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3536] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 034A1080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3536] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 034A1120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Panda Software\Panda Internet Security 2007\apvxdwin.exe[3536] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 034A1030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 00EF2420 C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00EF23AA C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00EF22D1 C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!bind 71AB4480 5 Bytes JMP 00EF225B C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 00EF2334 C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00EF23D4 C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 00EF246E C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 00EF2369 C:\WINDOWS\system32\imeshare32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 07101080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 07101120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Program Files\Mozilla Firefox\firefox.exe[5560] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 07101030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [1D, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [3E, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [20, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [41, 5F] {INC ECX; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [23, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [26, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [29, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [2F, 5F] {DAS ; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [44, 5F] {INC ESP; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [32, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [35, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [38, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [3B, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!LdrLoadDll 7C91632D 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] ntdll.dll!LdrLoadDll + 4 7C916331 2 Bytes [1A, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F0D0F5A
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [11, 5F]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [14, 5F] {ADC AL, 0x5f}
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] USER32.dll!GetCursor 7E42A91B 5 Bytes JMP 01301080 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] USER32.dll!DrawIconEx 7E42CB84 5 Bytes JMP 01301120 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
.text C:\Documents and Settings\Owner\Desktop\Geeks2Go\gmer.exe[5692] USER32.dll!GetIconInfo 7E42D427 5 Bytes JMP 01301030 C:\Program Files\CursorXP\CurXP0.dll (CursorXP control panel/ )
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs ShldDrv.SYS (PandaShield driver/Panda Software)
Device \FileSystem\Ntfs \Ntfs 843361E8
AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
Device \FileSystem\Fastfat \FatCdrom 82CF91E8
AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)
Device \Driver\usbohci \Device\USBPDO-0 83EDC1E8
Device \Driver\dmio \Device\DmControl\DmIoDaemon 843C11E8
Device \Driver\dmio \Device\DmControl\DmConfig 843C11E8
Device \Driver\dmio \Device\DmControl\DmPnP 843C11E8
Device \Driver\dmio \Device\DmControl\DmInfo 843C11E8
Device \Driver\usbehci \Device\USBPDO-1 83EF71E8
AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
Device \Driver\Ftdisk \Device\HarddiskVolume1 843521E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 843521E8
Device \Driver\usbstor \Device\000000b0 83DBD3A8
Device \Driver\Cdrom \Device\CdRom0 83F741E8
Device \Driver\atapi \Device\Ide\IdePort0 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort2 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort4 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-3 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-1f [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-12 [B9DEAB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 83F741E8
Device \Driver\Cdrom \Device\CdRom2 83F741E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{5646A873-7588-4EE4-A716-40ED900FF0C1} 8315F1E8
Device \Driver\usbstor \Device\000000b3 83DBD3A8
Device \Driver\usbstor \Device\000000b4 83DBD3A8
Device \Driver\NetBT \Device\NetBt_Wins_Export 8315F1E8
Device \Driver\usbstor \Device\000000b5 83DBD3A8
Device \Driver\usbstor \Device\000000b6 83DBD3A8
Device \Driver\NetBT \Device\NetbiosSmb 8315F1E8
Device \Driver\PCI_NTPNP7776 \Device\00000086 sptd.sys
Device \Driver\PCI_NTPNP7776 \Device\00000087 sptd.sys
AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
Device \Driver\usbohci \Device\USBFDO-0 83EDC1E8
Device \Driver\usbehci \Device\USBFDO-1 83EF71E8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 830441E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 830441E8
Device \Driver\Ftdisk \Device\FtControl 843521E8
Device \Driver\ap86bwy4 \Device\Scsi\ap86bwy41Port5Path0Target0Lun0 840A01E8
Device \Driver\ap86bwy4 \Device\Scsi\ap86bwy41 840A01E8
Device \FileSystem\Fastfat \Fat 82CF91E8
AttachedDevice \FileSystem\Fastfat \Fat pavdrv51.sys (AntiMalware Filter Driver for Windows XP/2003/Panda Software International)
AttachedDevice \FileSystem\Fastfat \Fat av5flt.sys
Device \FileSystem\Cdfs \Cdfs 83E3C440
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 1848199765
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 -1873092195
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xF6 0xE9 0x00 0xA6 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xDE 0x98 0x5B 0x27 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x43 0x2E 0xCB 0x7F ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x1D 0x9F 0xAD 0x76 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x40 0x82 0x73 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA0 0x35 0xAF 0x5B ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xDE 0x98 0x5B 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x43 0x2E 0xCB 0x7F ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x1D 0x9F 0xAD 0x76 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x63 0x40 0x82 0x73 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x16 0xB6 0x7D 0xFF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xD5 0xFE 0x58 0xD7 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6D 0x9B 0x22 0xC0 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x92 0x77 0xEC 0xB5 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0xD3 0xB5 0xCC 0xB2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq1@hdf12 0x9F 0x32 0x67 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x78 0x12 0x71 0x01 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0xD2 0x85 0xFD 0x8A ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x7B 0x7B 0x47 0x9F ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1B8C62C1-8A4B-AED8-C751-912A26E92366}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}@iabfhapocchoehmlbn 0x6A 0x61 0x6C 0x68 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E325944E-42CC-FA90-2274-DEB16F4B95C1}@hahenaofjigboinn 0x6B 0x61 0x67 0x69 ...
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0
---- EOF - GMER 1.0.15 ----