uacinit.dll



#1 highfivester


Posted 16 May 2009 - 02:22 PM

Hi

Problems started when Norman Antivirus started to detect a trojan (ZLOB), which it "quarantined". Problems continued with "windows direct" (links in Google were redirected to "malware" sites). Sometimes random popups started to appear via IE even though I was using Firefox. It seemed to be the Koobface virus. Both Task Manager and regedit were disabled (now fixed).

After using MBAM (I needed to rename it), I was left with uacinit.dll, which is impossible to remove with MBAM. I cannot use Norton as it crashes when trying to scan. I tried to reinstall, but the problems remain.

I am positive that the system remains infected and that the computer is not safe to use.

Please advise me on how to proceed!

DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Rana at 21:09:59,18 on 2009-05-16
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_01
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.70 [GMT 2:00]

AV: Norman Security Suite ver. 7.00 *On-access scanning enabled* (Outdated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Personal Firewall *enabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}

============== Running Processes ===============

C:\Program\Norman\Npm\Bin\Elogsvc.exe
C:\Program\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program\Norman\Npm\Bin\Zanda.exe
C:\Program\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Norman\Npm\Bin\Nvcsched.exe
C:\Program\Norman\npc\bin\npcsvc32.exe
C:\Program\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Norman\npc\bin\nuaa.exe
C:\Program\Norman\nse\bin\NSESVC.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\iid.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\ThreatFire\TFTray.exe
C:\Program\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
svchost
C:\Program\Norman\npf\bin\npfuser.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Wfwin\WFReader.exe
C:\Program\Wfwin\FIEMouse.exe
C:\Program\Norman\Nvc\Bin\nvcoas.exe
C:\Program\Norman\Nvc\Bin\Nip.exe
C:\Program\Norman\Nvc\Bin\cclaw.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Rana\Skrivbord\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\userinit32.exe,
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program\java\jre1.6.0_01\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: MS extension: {e7c7ad3e-e0b2-4994-b338-f89d02aa316d} - infow32.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: &Discuss: {bdeade7f-c265-11d0-bced-00a0c90ab50f} - shdocvw.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [updateMgr] c:\program\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
uRun: [DAEMON Tools] "c:\program\daemon tools\daemon.exe" -lang 1033 -noicon
uRun: [LDM] c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [ooVoo.exe] c:\program files\oovoo\ooVoo.exe /minimized
uRun: [DL32] DL32
uRun: [SUPERAntiSpyware] c:\program\superantispyware\SUPERAntiSpyware.exe
uRun: [RegistryMechanic] c:\program\registry mechanic\RegMech.exe /H
mRun: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
mRun: [ATIPTA] "c:\program\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SynTPLpr] c:\program\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program\synaptics\syntp\SynTPEnh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] c:\program\cyberlink\powerdvd\PDVDServ.exe
mRun: [InstantOn] "c:\program files\cyberlink\powercinema linux\ion_install.exe" /c
mRun: [SunJavaUpdateSched] "c:\program\java\jre1.6.0_01\bin\jusched.exe"
mRun: [IntelliPoint] "c:\program\microsoft intellipoint\point32.exe"
mRun: [QuickTime Task] "c:\program\quicktime\qttask.exe" -atboottime
mRun: [TkBellExe] "c:\program\delade filer\real\update_ob\realsched.exe" -osboot
mRun: [Windows Defender] "c:\program\windows defender\MSASCui.exe" -hide
mRun: [Net iD] c:\windows\system32\iid.exe
mRun: [Acrobat Assistant 7.0] "c:\program\adobe\acrobat 7.0\distillr\Acrotray.exe"
mRun: [<NO NAME>]
mRun: [O2] "c:\program\o2\bin\sprtcmd.exe" /P O2
mRun: [LogitechCommunicationsManager] "c:\program\delade filer\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program\logitech\quickcam\Quickcam.exe" /hide
mRun: [PCSuiteTrayApplication] c:\program\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [ThreatFire] c:\program\threatfire\TFTray.exe
mRun: [Norman ZANDA] "c:\program\norman\npm\bin\ZLH.EXE" /LOAD /SPLASH
mRun: [NPCTray] c:\program\norman\npc\bin\npc_tray.exe /LOAD
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\program\delade~1\micros~1\dw\dwtrig20.exe" -t
dRun: [PcSync] c:\program\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\docume~1\rana\start-~1\program\autost~1\genvgt~1.lnk - c:\documents and settings\rana\skrivbord\Puss puss på alla hjärtans dag!.htm
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-000000000002}\SC_Acrobat.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\adober~1.lnk - c:\program\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\logite~1.lnk - c:\program\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\start-~1\program\autost~1\wordfi~1.lnk - c:\program\wfwin\WFReader.exe
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: Convert link target to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\program\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program\java\jre1.6.0_01\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\program\micros~3\office11\REFIEBAR.DLL
LSP: c:\program\norman\npc\bin\nlf.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - hxxp://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scan8/oscan8.cab
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program\delade~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\program\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\rana\applic~1\mozilla\firefox\profiles\ijaz5xas.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.dn.se/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program\mozilla firefox\plugins\npiidplg.dll

---- FIREFOX POLICIES ----
c:\program\mozilla firefox\greprefs\all.js - pref("browser.visited_color", "#551A8B");
c:\program\mozilla firefox\defaults\pref\firefox.js - pref("browser.videoFeeds.handler", "ask");

============= SERVICES / DRIVERS ===============

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [2009-5-16 79752]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-5-15 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-5-15 39184]
R1 NPROSEC;Norman Security driver;c:\program\norman\ngs\bin\nprosec.sys [2009-5-16 52792]
R1 SASDIFSV;SASDIFSV;c:\program\superantispyware\sasdifsv.sys [2009-4-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program\superantispyware\SASKUTIL.SYS [2009-4-28 72944]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [2009-5-16 74624]
R2 Ndiskio;Ndiskio;c:\program\norman\nse\bin\Ndiskio.sys [2009-5-16 20448]
R2 Norman ZANDA;Norman ZANDA;c:\program\norman\npm\bin\Zanda.exe [2008-4-24 429176]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\norman\npf\bin\npfsvc32.exe [2009-5-16 597104]
R2 NPROSECSVC;Norman Security service;c:\program\norman\ngs\bin\nprosec.exe [2009-5-16 121912]
R2 NVOY;Norman's Very Own supplY of resources;c:\program\norman\npm\bin\nvoy.exe [2009-5-16 121912]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program\o2\bin\sprtsvc.exe [2007-6-7 202280]
R2 ThreatFire;ThreatFire;c:\program\threatfire\tfservice.exe service --> c:\program\threatfire\TFService.exe service [?]
R2 WinDefend;Windows Defender;c:\program\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NPC;Norman Parental Control;c:\program\norman\npc\bin\npcsvc32.exe [2009-5-16 416880]
R3 nsesvc;Norman Scanner Engine Service;c:\program\norman\nse\bin\Nsesvc.exe [2009-5-16 322616]
R3 NUAA;Norman User Activity Agent;c:\program\norman\npc\bin\nuaa.exe [2009-5-16 117816]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-5-16 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program\norman\nvc\bin\Nvcoas.exe [2009-5-16 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\norman\npm\bin\nvcsched.exe [2009-5-16 154680]
R3 SASENUM;SASENUM;c:\program\superantispyware\SASENUM.SYS [2009-4-28 7408]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\sldrv\slazldrv.sys [2005-8-16 230448]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-5-15 33040]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2006-8-21 223232]

=============== Created Last 30 ================

2009-05-16 21:05 <DIR> --d----- c:\program\Trend Micro
2009-05-16 14:45 79,752 a------- c:\windows\system32\drivers\ndis_rd.sys
2009-05-16 14:45 74,624 a------- c:\windows\system32\drivers\tdi_rd.sys
2009-05-16 14:45 42,552 a------- c:\windows\system32\drivers\ale_nf.sys
2009-05-16 14:45 212,024 a------- c:\windows\system32\nscrnsav.scr
2009-05-16 14:45 19,512 a------- c:\windows\system32\drivers\nvcw32mf.sys
2009-05-16 14:44 <DIR> --d----- c:\program\Norman
2009-05-16 12:15 <DIR> --d----- c:\program\CCleaner
2009-05-16 11:54 2 ----h--- c:\windows\sto453189.dat
2009-05-15 08:44 <DIR> --d----- c:\docume~1\rana\applic~1\Malwarebytes
2009-05-15 01:19 <DIR> --d----- c:\program\PC Tools AntiVirus
2009-05-15 00:58 51,472 a------- c:\windows\system32\drivers\TfFsMon.sys
2009-05-15 00:58 39,184 a------- c:\windows\system32\drivers\TfSysMon.sys
2009-05-15 00:58 33,040 a------- c:\windows\system32\drivers\TfNetMon.sys
2009-05-15 00:58 12,560 a------- c:\windows\system32\drivers\TfKbMon.sys
2009-05-15 00:58 <DIR> --d----- c:\program\ThreatFire
2009-05-15 00:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-05-15 00:50 <DIR> --d----- c:\program\test2
2009-05-14 21:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SITEguard
2009-05-14 21:27 <DIR> --d----- c:\program\delade filer\iS3
2009-05-14 21:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\STOPzilla!
2009-05-14 21:10 <DIR> --d----- c:\windows\system32\218538
2009-05-14 20:58 118 a------- c:\windows\system32\MRT.INI
2009-05-14 01:04 <DIR> --d----- c:\program\test
2009-05-14 00:58 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware2
2009-05-14 00:51 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-14 00:51 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-14 00:51 <DIR> --d----- c:\program\Malwarebytes' Anti-Malware
2009-05-14 00:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-05-08 21:25 <DIR> --d----- c:\windows\system32\796525
2009-05-05 22:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-05-05 22:32 <DIR> --d----- c:\program\SUPERAntiSpyware
2009-05-05 22:32 <DIR> --d----- c:\docume~1\rana\applic~1\SUPERAntiSpyware.com
2009-05-05 22:31 <DIR> --d----- c:\program\delade filer\Wise Installation Wizard
2009-05-05 21:13 4,294 a------- c:\windows\system32\tmp.reg
2009-05-05 21:04 <DIR> --d----- c:\documents and settings\rana\SmitfraudFix
2009-05-05 02:05 1 a------- c:\windows\z45ft5992f44.dat
2009-05-05 00:05 1 a------- c:\windows\9g2234wesdf3dfgjf23
2009-05-01 08:16 <DIR> --d----- C:\spoolerlogs
2009-04-25 11:31 49,403 a------- c:\windows\system32\rn.tmp
2009-04-23 00:30 5,284 a------- c:\windows\system32\de8bfb03bb.ax
2009-04-21 20:24 14,119 a------- c:\windows\system32\kjs
2009-04-19 21:14 <DIR> --d----- c:\docume~1\rana\applic~1\Personal
2009-04-17 21:48 14,119 a------- c:\windows\system32\xma
2009-04-17 21:48 59,904 a------- c:\windows\system32\inform.dat

==================== Find3M ====================

2009-05-06 00:44 388,232 a------- c:\windows\system32\perfh01D.dat
2009-05-06 00:44 64,744 a------- c:\windows\system32\perfc01D.dat
2009-03-06 16:24 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 02:16 826,368 a------- c:\windows\system32\wininet.dll
2009-02-20 19:18 78,336 a------- c:\windows\system32\ieencode.dll
2006-02-21 10:18 5,882 a------- c:\docume~1\rana\applic~1\wklnhst.dat
2005-02-26 23:27 2,540 a------- c:\program\Kolla.nfo
2008-09-17 08:23 32,768 a--sh--- c:\windows\system32\config\systemprofile\lokala inställningar\tidigare\history.ie5\mshist012008091720080918\index.dat

============= FINISH: 21:12:08,73 ===============

Attach:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 2006-01-22 01:06:08
System Uptime: 2009-05-16 19:26:14 (2 hours ago)

Motherboard: | | P50EA0
Processor: Intel® Pentium® M processor 1.73GHz | CPU 1 | 1733/532mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 23,618 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Ad-Aware SE Personal
Adobe Acrobat 7.0 Professional
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 7.0.5 - Svenska
ATI - Software Uninstall Utility
ATI Display Driver
ATI Kontrollpanel
Azureus
BitTornado 0.3.17
burst! v3.1.0
CCleaner (remove only)
DC++ 0.681
Disc2Phone
DivX Web Player
Google Earth
High Definition Audio - KB888111
HijackThis 2.0.2
J2SE Runtime Environment 5.0 Update 6
Java™ SE Runtime Environment 6 Update 1
Logitech Desktop Messenger
Logitech Legacy USB Camera drivrutinspaket
Logitech QuickCam
Logitech QuickCam drivrutinspaket
Logitech Updater
Macromedia Flash Player 8
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft IntelliPoint 5.3
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Works
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Music Transfer
Nero BurnRights
Nero OEM
NeroVision Express 3 SE
Net iD 4.4
Nokia Connectivity Cable Driver
Nokia PC Suite
Norman Security Suite
O2 Broadband Assistant
ooVoo
PC Connectivity Solution
PowerCinema Linux 4.0
PowerDVD
Primo
QuickTime
RealPlayer
Registry Mechanic 8.0
Skype™ 3.5
Smart Link 56K Voice Modem
Snabbkorrigering för Windows Internet Explorer 7 (KB947864)
Snabbkorrigering för Windows XP (KB952287)
Säkerhetsuppdatering för Step by Step Interactive Training (KB898458)
Säkerhetsuppdatering för Step by Step Interactive Training (KB923723)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB938127)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB942615)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB944533)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB950759)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB953838)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB956390)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB958215)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB960714)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB961260)
Säkerhetsuppdatering för Windows Internet Explorer 7 (KB963027)
Säkerhetsuppdatering för Windows Media Player (KB911564)
Säkerhetsuppdatering för Windows Media Player (KB952069)
Säkerhetsuppdatering för Windows Media Player 10 (KB911565)
Säkerhetsuppdatering för Windows Media Player 10 (KB917734)
Säkerhetsuppdatering för Windows Media Player 10 (KB936782)
Säkerhetsuppdatering för Windows Media Player 6.4 (KB925398)
Säkerhetsuppdatering för Windows XP (KB923561)
Säkerhetsuppdatering för Windows XP (KB923689)
Säkerhetsuppdatering för Windows XP (KB938464-v2)
Säkerhetsuppdatering för Windows XP (KB938464)
Säkerhetsuppdatering för Windows XP (KB941569)
Säkerhetsuppdatering för Windows XP (KB946648)
Säkerhetsuppdatering för Windows XP (KB950760)
Säkerhetsuppdatering för Windows XP (KB950762)
Säkerhetsuppdatering för Windows XP (KB950974)
Säkerhetsuppdatering för Windows XP (KB951066)
Säkerhetsuppdatering för Windows XP (KB951376-v2)
Säkerhetsuppdatering för Windows XP (KB951376)
Säkerhetsuppdatering för Windows XP (KB951698)
Säkerhetsuppdatering för Windows XP (KB951748)
Säkerhetsuppdatering för Windows XP (KB952004)
Säkerhetsuppdatering för Windows XP (KB952954)
Säkerhetsuppdatering för Windows XP (KB953839)
Säkerhetsuppdatering för Windows XP (KB954211)
Säkerhetsuppdatering för Windows XP (KB954459)
Säkerhetsuppdatering för Windows XP (KB954600)
Säkerhetsuppdatering för Windows XP (KB955069)
Säkerhetsuppdatering för Windows XP (KB956391)
Säkerhetsuppdatering för Windows XP (KB956572)
Säkerhetsuppdatering för Windows XP (KB956802)
Säkerhetsuppdatering för Windows XP (KB956803)
Säkerhetsuppdatering för Windows XP (KB956841)
Säkerhetsuppdatering för Windows XP (KB957095)
Säkerhetsuppdatering för Windows XP (KB957097)
Säkerhetsuppdatering för Windows XP (KB958644)
Säkerhetsuppdatering för Windows XP (KB958687)
Säkerhetsuppdatering för Windows XP (KB958690)
Säkerhetsuppdatering för Windows XP (KB959426)
Säkerhetsuppdatering för Windows XP (KB960225)
Säkerhetsuppdatering för Windows XP (KB960715)
Säkerhetsuppdatering för Windows XP (KB960803)
Säkerhetsuppdatering för Windows XP (KB961373)
Sony Picture Utility
Spotify
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
ThreatFire
Uppdatering för Windows XP (KB951072-v2)
Uppdatering för Windows XP (KB951978)
Uppdatering för Windows XP (KB955839)
Uppdatering för Windows XP (KB967715)
WebFldrs XP
VideoLAN VLC media player 0.8.4a
Winamp (remove only)
Windows Defender
Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows Media Player 10 Hotfix - KB888656
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
WordFinder

==== End Of File ===========================

hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:06:07, on 2009-05-16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program\Norman\Npm\Bin\Elogsvc.exe
C:\Program\Norman\Ngs\Bin\Nprosec.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Norman\Npm\Bin\Zanda.exe
C:\Program\Norman\npm\bin\nvoy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Norman\npf\bin\npfsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program\O2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\ThreatFire\TFService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program\Norman\Npm\Bin\Nvcsched.exe
C:\Program\Norman\npc\bin\npcsvc32.exe
C:\Program\Norman\Npm\Bin\Njeeves.exe
C:\WINDOWS\System32\alg.exe
C:\Program\Norman\npc\bin\nuaa.exe
C:\Program\Norman\nse\bin\NSESVC.EXE
C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program\Synaptics\SynTP\SynTPLpr.exe
C:\Program\Synaptics\SynTP\SynTPEnh.exe
C:\Program\CyberLink\PowerDVD\PDVDServ.exe
C:\Program\Java\jre1.6.0_01\bin\jusched.exe
C:\Program\Microsoft IntelliPoint\point32.exe
C:\Program\Delade filer\Real\Update_OB\realsched.exe
C:\Program\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\iid.exe
C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program\O2\bin\sprtcmd.exe
C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program\Logitech\QuickCam\Quickcam.exe
C:\Program\ThreatFire\TFTray.exe
C:\Program\Norman\Npm\Bin\ZLH.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\svchost.exe
C:\Program\Norman\npf\bin\npfuser.exe
C:\Program\Registry Mechanic\RegMech.exe
C:\Program\Wfwin\WFReader.exe
C:\Program\Wfwin\FIEMouse.exe
C:\Program\Norman\Nvc\Bin\nvcoas.exe
C:\Program\Norman\Nvc\Bin\Nip.exe
C:\Program\Norman\Nvc\Bin\cclaw.exe
C:\Program\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\userinit32.exe,
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 82.146.46.170 inscape.com
O1 - Hosts: 82.146.46.170 www.inscape.com
O1 - Hosts: 82.146.46.170 bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 www.bankcardservices.co.uk
O1 - Hosts: 82.146.46.170 alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 cahoot.com
O1 - Hosts: 82.146.46.170 www.cahoot.com
O1 - Hosts: 82.146.46.170 icicibank.co.uk
O1 - Hosts: 82.146.46.170 www.icicibank.co.uk
O1 - Hosts: 82.146.46.170 natwest.com
O1 - Hosts: 82.146.46.170 www.natwest.com
O1 - Hosts: 82.146.46.170 nwolb.com
O1 - Hosts: 82.146.46.170 www.nwolb.com
O1 - Hosts: 82.146.46.170 mbna.co.uk
O1 - Hosts: 82.146.46.170 www.mbna.co.uk
O1 - Hosts: 82.146.46.170 businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 www.businesscreditcardsonline.co.uk
O1 - Hosts: 82.146.46.170 capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 www.capitaloneonline.co.uk
O1 - Hosts: 82.146.46.170 welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome26.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome22.smile.co.uk
O1 - Hosts: 82.146.46.170 service.citicards.co.uk
O1 - Hosts: 82.146.46.170 www.service.citicards.co.uk
O1 - Hosts: 82.146.46.170 citibank.co.uk
O1 - Hosts: 82.146.46.170 www.citibank.co.uk
O1 - Hosts: 82.146.46.170 scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.scotwest.co.uk
O1 - Hosts: 82.146.46.170 secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 www.secure.scotwest.co.uk
O1 - Hosts: 82.146.46.170 partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 www.partnerandaffinitycards.co.uk
O1 - Hosts: 82.146.46.170 esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 www.esavingsaccount.co.uk
O1 - Hosts: 82.146.46.170 firstdirect.com
O1 - Hosts: 82.146.46.170 www.firstdirect.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: MS extension - {E7C7AD3E-E0B2-4994-B338-F89D02AA316D} - infow32.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Net iD] C:\WINDOWS\system32\iid.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [O2] "C:\Program\O2\bin\sprtcmd.exe" /P O2
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ThreatFire] C:\Program\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [NPCTray] C:\Program\Norman\npc\bin\npc_tray.exe /LOAD
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized
O4 - HKCU\..\Run: [DL32] DL32
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKAL TJÄNST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4293084581-3797336850-3733104759-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administratör')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Genväg till Puss puss på alla hjärtans dag!.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: WordFinder Easy Reader.lnk = C:\Program\Wfwin\WFReader.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program\norman\npc\bin\nlf.dll
O10 - Unknown file in Winsock LSP: c:\program\norman\npc\bin\nlf.dll
O15 - Trusted Zone: http://*.broadband.o2.co.uk
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\DELADE~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program\Norman\Npm\Bin\Njeeves.exe
O23 - Service: Norman ZANDA - Norman ASA - C:\Program\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Parental Control (NPC) - Norman ASA - C:\Program\Norman\npc\bin\npcsvc32.exe
O23 - Service: Norman Personal Firewall Service (NPFSvc32) - Norman ASA - C:\Program\Norman\npf\bin\npfsvc32.exe
O23 - Service: Norman Security service (NPROSECSVC) - Norman ASA - C:\Program\Norman\Ngs\Bin\Nprosec.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman User Activity Agent (NUAA) - Norman ASA - C:\Program\Norman\npc\bin\nuaa.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program\Norman\Nvc\Bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program\Norman\Npm\Bin\Nvcsched.exe
O23 - Service: Norman's Very Own supplY of resources (NVOY) - Norman ASA - C:\Program\Norman\npm\bin\nvoy.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SupportSoft Sprocket Service (O2) (sprtsvc_O2) - SupportSoft, Inc. - C:\Program\O2\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program\Delade filer\Supportsoft\bin\ssrc.exe
O23 - Service: ThreatFire - PC Tools - C:\Program\ThreatFire\TFService.exe

--
End of file - 16709 bytes

Edited by highfivester, 16 May 2009 - 05:05 PM.




#2 Buckeye_Sam

    Malware Expert



Posted 17 May 2009 - 08:35 AM

Hello!
My name is Sam and I will be helping you.

In order to see what's going on with your computer I will ask for you to post various logs from the tools that we will use to resolve your issue. Please also share with me any information about how your computer is reacting and behaving each step of the way as we work through this process.


We need to create an OTListIt2 Report
  • Please download OTListIt2 from here
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the "Run Scan" button.
  • The scan should take just a few minutes.
  • Copy the log that opens up and paste it back here in your next reply.



=============


The next log will show us any hidden files that are present.

Download GMER from here:
  • Unzip it to the desktop.
  • Open the program and click on the Rootkit tab.
  • Make sure all the boxes on the right of the screen are checked, EXCEPT for ‘Show All’.
  • Click on Scan.
  • When the scan has run click Copy and paste the results (if any) into this thread.

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 highfivester

  • Topic Starter


Posted 17 May 2009 - 11:17 AM

Dear Sam and thank you very much for helping me out!

I noticed some of my scans include Swedish names, please let me know if you need any translations.

Since last post:
No more redirects
Norman does not work and Windows Security Center is always disabled (even though I changed it to start up) and I need to activate Windows Firewall at every start up.

After using the computer online I did another Mbam scan this morning and found additional trojans which I deleted. uacinit.dll remains unremovable however. Seems like the computer keeps getting infected.

I have also downloaded combofix but not run it (as I got an error message and did not proceed after understanding it might be unwise to do so)


OTListIT2 log:

OTListIt logfile created on: 2009-05-17 16:45:36 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Rana\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

511,36 Mb Total Physical Memory | 143,85 Mb Available Physical Memory | 28,13% Memory free
1,22 Gb Paging File | 0,53 Gb Available in Paging File | 43,14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,53 Gb Total Space | 23,54 Gb Free Space | 31,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DITT-35C07F7813
Current User Name: Rana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2007-11-21 10:59:54 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Elogsvc.exe
PRC - [2008-04-22 09:36:31 | 00,121,912 | ---- | M] (Norman ASA) -- C:\Program\Norman\Ngs\Bin\Nprosec.exe
PRC - [2005-08-01 12:44:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe
PRC - [2008-04-24 12:04:34 | 00,429,176 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Zanda.exe
PRC - [2008-02-07 11:07:03 | 00,121,912 | ---- | M] (Norman ASA) -- C:\Program\Norman\npm\bin\nvoy.exe
PRC - [2005-08-01 12:44:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe
PRC - [2008-04-14 18:05:06 | 01,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008-09-19 12:23:26 | 00,597,104 | ---- | M] (Norman ASA) -- C:\Program\Norman\npf\bin\npfsvc32.exe
PRC - [2008-07-26 09:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe
PRC - [2008-07-26 09:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE
PRC - [2005-08-01 08:28:37 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe
PRC - [2007-06-07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program\O2\bin\sprtsvc.exe
PRC - [2009-03-03 12:19:40 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program\ThreatFire\TFService.exe
PRC - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2007-09-18 12:41:17 | 00,154,680 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Nvcsched.exe
PRC - [2008-05-13 10:48:58 | 00,203,896 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Njeeves.exe
PRC - [2008-04-17 13:38:22 | 00,416,880 | ---- | M] (Norman ASA) -- C:\Program\Norman\npc\bin\npcsvc32.exe
PRC - [2008-07-26 09:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe
PRC - [2008-04-30 12:42:23 | 00,117,816 | ---- | M] (Norman ASA) -- C:\Program\Norman\npc\bin\nuaa.exe
PRC - [2008-06-19 12:33:54 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program\Norman\nse\bin\NSESVC.EXE
PRC - [2005-06-28 21:05:00 | 00,344,064 | ---- | M] (ATI Technologies, Inc.) -- C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe
PRC - [2005-08-01 08:28:18 | 00,090,112 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2005-03-18 15:35:46 | 00,098,393 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005-03-18 15:34:42 | 00,688,217 | ---- | M] (Synaptics, Inc.) -- C:\Program\Synaptics\SynTP\SynTPEnh.exe
PRC - [2005-04-15 16:13:00 | 00,045,056 | ---- | M] (Cyberlink Corp.) -- C:\Program\CyberLink\PowerDVD\PDVDServ.exe
PRC - [2007-03-14 03:43:44 | 00,083,608 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program\Java\jre1.6.0_01\bin\jusched.exe
PRC - [2005-03-24 01:26:09 | 00,217,088 | ---- | M] (Microsoft Corporation) -- C:\Program\Microsoft IntelliPoint\point32.exe
PRC - [2006-03-31 16:28:15 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program\Delade filer\Real\Update_OB\realsched.exe
PRC - [2006-11-03 18:20:12 | 00,866,584 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MSASCui.exe
PRC - [2007-03-15 10:11:58 | 00,067,112 | ---- | M] (NetMaker Consulting Group AB) -- C:\WINDOWS\system32\iid.exe
PRC - [2004-12-14 02:12:02 | 00,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
PRC - [2008-03-28 22:47:46 | 00,198,184 | ---- | M] (SupportSoft, Inc.) -- C:\Program\O2\bin\sprtcmd.exe
PRC - [2008-08-14 18:11:48 | 00,565,008 | ---- | M] () -- C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe
PRC - [2008-08-14 18:15:46 | 02,407,184 | ---- | M] () -- C:\Program\Logitech\QuickCam\Quickcam.exe
PRC - [2009-03-03 12:19:44 | 00,263,440 | ---- | M] (PC Tools) -- C:\Program\ThreatFire\TFTray.exe
PRC - [2008-06-02 09:47:24 | 00,277,616 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\ZLH.EXE
PRC - [2008-04-30 13:28:02 | 00,191,544 | ---- | M] (Norman ASA) -- C:\Program\Norman\Nvc\Bin\nvcoas.exe
PRC - [2007-11-20 04:38:52 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2008-04-22 15:06:21 | 00,187,504 | ---- | M] (Norman ASA) -- C:\Program\Norman\Nvc\Bin\Nip.exe
PRC - [2007-12-10 14:32:54 | 00,130,104 | ---- | M] (Norman ASA) -- C:\Program\Norman\Nvc\Bin\cclaw.exe
PRC - [2008-08-14 18:11:14 | 00,447,248 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe
PRC - [2009-04-28 11:33:38 | 01,830,128 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2008-07-08 17:41:02 | 02,828,184 | ---- | M] (PC Tools) -- C:\Program\Registry Mechanic\RegMech.exe
PRC - [2002-05-30 19:25:06 | 01,769,984 | ---- | M] (WordFinder Software AB) -- C:\Program\Wfwin\WFReader.exe
PRC - [2002-05-14 19:01:36 | 00,225,280 | ---- | M] (WordFinder Software AB, CodePlant AB) -- C:\Program\Wfwin\FIEMouse.exe
PRC - [2009-04-06 15:32:44 | 01,277,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program\test2\mbam1.exe
PRC - [2009-04-28 19:34:34 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program\Mozilla Firefox\firefox.exe
PRC - [2008-09-18 16:07:56 | 00,384,112 | ---- | M] (Norman ASA) -- C:\Program\Norman\npf\bin\npfuser.exe
PRC - [2009-05-17 16:42:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rana\Skrivbord\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2007-08-24 22:55:26 | 00,069,632 | ---- | M] (Adobe Systems) -- C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
SRV - [2004-07-15 01:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2005-08-01 12:44:16 | 00,376,832 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\Ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
SRV - [2007-11-21 10:59:54 | 00,150,584 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Elogsvc.exe -- (eLoggerSvc6 [Auto | Running])
SRV - [2008-04-14 18:04:47 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005-04-04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008-07-26 09:23:42 | 00,186,904 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer [Auto | Running])
SRV - [2008-07-26 09:25:36 | 00,150,040 | ---- | M] (Logitech Inc.) -- C:\Program\Delade filer\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv [Auto | Running])
SRV - [2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
SRV - [2008-05-13 10:48:58 | 00,203,896 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Njeeves.exe -- (Norman NJeeves [On_Demand | Running])
SRV - [2008-04-24 12:04:34 | 00,429,176 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Zanda.exe -- (Norman ZANDA [Auto | Running])
SRV - [2008-04-17 13:38:22 | 00,416,880 | ---- | M] (Norman ASA) -- C:\Program\Norman\npc\bin\npcsvc32.exe -- (NPC [On_Demand | Running])
SRV - [2008-09-19 12:23:26 | 00,597,104 | ---- | M] (Norman ASA) -- C:\Program\Norman\npf\bin\npfsvc32.exe -- (NPFSvc32 [Auto | Running])
SRV - [2008-04-22 09:36:31 | 00,121,912 | ---- | M] (Norman ASA) -- C:\Program\Norman\Ngs\Bin\Nprosec.exe -- (NPROSECSVC [Auto | Running])
SRV - [2008-06-19 12:33:54 | 00,322,616 | ---- | M] (Norman ASA) -- C:\Program\Norman\nse\bin\NSESVC.EXE -- (nsesvc [On_Demand | Running])
SRV - [2008-04-30 12:42:23 | 00,117,816 | ---- | M] (Norman ASA) -- C:\Program\Norman\npc\bin\nuaa.exe -- (NUAA [On_Demand | Running])
SRV - [2008-04-30 13:28:02 | 00,191,544 | ---- | M] (Norman ASA) -- C:\Program\Norman\Nvc\Bin\nvcoas.exe -- (nvcoas [On_Demand | Running])
SRV - [2007-09-18 12:41:17 | 00,154,680 | ---- | M] (Norman ASA) -- C:\Program\Norman\Npm\Bin\Nvcsched.exe -- (NVCScheduler [On_Demand | Running])
SRV - [2008-02-07 11:07:03 | 00,121,912 | ---- | M] (Norman ASA) -- C:\Program\Norman\npm\bin\nvoy.exe -- (NVOY [Auto | Running])
SRV - [2003-07-28 12:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program\Delade filer\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2006-11-06 14:21:10 | 00,210,432 | ---- | M] (Nokia.) -- C:\Program\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer [On_Demand | Stopped])
SRV - [2005-08-01 08:28:37 | 00,057,344 | ---- | M] ( ) -- C:\WINDOWS\system32\slserv.exe -- (SLService [Auto | Running])
SRV - [2007-06-07 16:19:40 | 00,202,280 | R--- | M] (SupportSoft, Inc.) -- C:\Program\O2\bin\sprtsvc.exe -- (sprtsvc_O2 [Auto | Running])
SRV - [2007-07-27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\Supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist [On_Demand | Stopped])
SRV - [2009-03-03 12:19:40 | 00,070,928 | ---- | M] (PC Tools) -- C:\Program\ThreatFire\TFService.exe -- (ThreatFire [Auto | Running])
SRV - [2005-01-28 01:36:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2007-01-19 12:54:14 | 00,097,136 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
SRV - [2006-11-03 18:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2005-08-01 12:44:16 | 01,241,088 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
DRV - [2001-08-17 22:04:46 | 00,223,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\camdrv21.sys -- (camvid20 [On_Demand | Stopped])
DRV - [2006-11-11 05:48:22 | 00,021,536 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys -- (FilterService [On_Demand | Stopped])
DRV - [2005-01-07 17:07:16 | 00,145,920 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\HdAudio.sys -- (HdAudAddService [On_Demand | Stopped])
DRV - [2008-04-13 18:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2004-12-17 15:11:38 | 00,477,696 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor [Boot | Running])
DRV - [2005-08-01 08:28:15 | 02,547,008 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2006-11-11 05:46:29 | 01,512,224 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvpopflt.sys -- (lvpopflt [On_Demand | Stopped])
DRV - [2008-07-26 09:25:02 | 00,025,624 | ---- | M] () -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys -- (LVPr2Mon [On_Demand | Running])
DRV - [2006-11-11 05:47:03 | 00,065,312 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvselsus.sys -- (lvselsus [On_Demand | Stopped])
DRV - [2006-11-11 05:48:00 | 00,040,352 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\drivers\lvusbsta.sys -- (LVUSBSta [On_Demand | Stopped])
DRV - [2006-11-11 05:48:11 | 01,083,680 | R--- | M] (Logitech Inc.) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys -- (LVUVC [On_Demand | Stopped])
DRV - [2001-08-17 21:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2005-08-01 08:28:35 | 00,229,720 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlmnt5.sys -- (Mtlmnt5 [On_Demand | Running])
DRV - [2005-08-01 08:28:35 | 01,396,048 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\Mtlstrm.sys -- (Mtlstrm [On_Demand | Stopped])
DRV - [2007-01-02 09:55:17 | 00,020,448 | ---- | M] (Norman ASA) -- C:\Program\Norman\Nse\Bin\NDISKIO.SYS -- (Ndiskio [Auto | Running])
DRV - [2008-02-07 12:12:14 | 00,079,752 | ---- | M] (Norman ASA) -- C:\WINDOWS\System32\drivers\ndis_rd.sys -- (NDIS_RD [Boot | Running])
DRV - [2006-10-10 09:54:32 | 00,009,216 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdc.sys -- (Nokia USB Generic [On_Demand | Stopped])
DRV - [2006-10-10 09:54:32 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcm.sys -- (Nokia USB Modem [On_Demand | Stopped])
DRV - [2006-10-10 09:54:34 | 00,138,240 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcd.sys -- (Nokia USB Phone Parent [On_Demand | Stopped])
DRV - [2006-10-10 09:54:32 | 00,012,800 | ---- | M] (Nokia) -- C:\WINDOWS\system32\drivers\nmwcdcj.sys -- (Nokia USB Port [On_Demand | Stopped])
DRV - [2008-04-15 15:57:30 | 00,052,792 | ---- | M] (Norman ASA) -- C:\Program\Norman\Ngs\Bin\nprosec.sys -- (NPROSEC [System | Running])
DRV - [2008-09-02 12:48:33 | 00,019,512 | ---- | M] (Norman ASA) -- C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys -- (NvcMFlt [On_Demand | Running])
DRV - [2005-03-15 11:45:20 | 00,020,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\DRIVERS\point32.sys -- (Point32 [On_Demand | Stopped])
DRV - [2004-08-04 14:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2008-04-10 18:29:22 | 00,044,944 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2005-08-01 08:28:35 | 00,014,520 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\RecAgent.sys -- (RecAgent [Boot | Running])
DRV - [2005-08-01 08:28:34 | 00,070,912 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys -- (RTL8023xp [On_Demand | Running])
DRV - [2009-04-28 11:33:42 | 00,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV [System | Running])
DRV - [2009-04-28 11:33:44 | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM [On_Demand | Running])
DRV - [2009-04-28 11:33:40 | 00,072,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) -- C:\Program\SUPERAntiSpyware\SASKUTIL.sys -- (SASKUTIL [System | Running])
DRV - [2007-11-13 12:25:56 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2005-01-11 17:58:48 | 00,030,976 | ---- | M] (Silicon Integrated Systems Corp) -- C:\WINDOWS\system32\drivers\SiSRaid2.sys -- (SiSRaid2 [Boot | Running])
DRV - [2005-08-01 08:28:36 | 00,230,448 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\slazldrv.sys -- (Slazldrv [On_Demand | Running])
DRV - [2005-08-01 08:28:36 | 00,101,136 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\Slnthal.sys -- (SlNtHal [On_Demand | Stopped])
DRV - [2005-08-01 08:28:37 | 00,013,216 | ---- | M] ( ) -- C:\WINDOWS\system32\DRIVERS\SLDRV\SlWdmSup.sys -- (SlWdmSup [On_Demand | Running])
DRV - [2001-08-17 21:56:16 | 00,007,552 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS -- (SONYPVU1 [On_Demand | Stopped])
DRV - [2007-06-10 13:54:53 | 00,682,232 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2005-03-18 15:22:46 | 00,188,928 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2008-02-07 12:12:18 | 00,074,624 | ---- | M] (Norman ASA) -- C:\WINDOWS\system32\drivers\TDI_RD.SYS -- (TDI_RD [System | Running])
DRV - [2009-03-03 12:19:54 | 00,051,472 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon [Boot | Running])
DRV - [2009-03-03 12:19:56 | 00,033,040 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon [On_Demand | Running])
DRV - [2009-03-03 12:19:58 | 00,039,184 | ---- | M] (PC Tools) -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon [Boot | Running])
DRV - [2008-04-13 20:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio [On_Demand | Stopped])
DRV - [2005-08-01 08:29:29 | 00,060,928 | ---- | M] (VIA Technologies inc,.ltd) -- C:\WINDOWS\system32\drivers\viamraid.sys -- (viamraid [Boot | Running])
DRV - [2005-08-01 08:29:27 | 03,222,784 | ---- | M] (Intel® Corporation) -- C:\WINDOWS\system32\DRIVERS\w29n51.sys -- (w29n51 [On_Demand | Running])
DRV - [2005-05-24 16:00:37 | 00,052,384 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800bus.sys -- (w800bus [On_Demand | Stopped])
DRV - [2005-05-24 16:00:44 | 00,006,096 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mdfl.sys -- (w800mdfl [On_Demand | Stopped])
DRV - [2005-05-24 16:00:46 | 00,087,424 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mdm.sys -- (w800mdm [On_Demand | Stopped])
DRV - [2005-05-24 16:00:56 | 00,079,216 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800mgmt.sys -- (w800mgmt [On_Demand | Stopped])
DRV - [2005-05-24 16:01:16 | 00,077,040 | R--- | M] (MCCI) -- C:\WINDOWS\system32\DRIVERS\w800obex.sys -- (w800obex [On_Demand | Stopped])
DRV - File not found -- -- (wpxkz [Unknown | Running])
DRV - [2009-04-06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\S-1-5-21-4293084581-3797336850-3733104759-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\S-1-5-21-4293084581-3797336850-3733104759-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=iesearch
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\S-1-5-21-4293084581-3797336850-3733104759-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.startup.homepage: "http://www.dn.se/"
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}:6.0.01
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM\MOZILLA FIREFOX\COMPONENTS [2009-04-30 23:55:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM\MOZILLA FIREFOX\PLUGINS [2009-04-28 19:34:45 | 00,000,000 | ---D | M]

[2008-08-27 23:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rana\Application Data\mozilla\Extensions
[2008-08-27 23:36:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rana\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009-05-17 13:13:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rana\Application Data\mozilla\Firefox\Profiles\ijaz5xas.default\extensions
[2008-12-11 21:26:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Rana\Application Data\mozilla\Firefox\Profiles\ijaz5xas.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-05-17 13:13:30 | 00,000,000 | ---D | M] -- C:\Program\mozilla firefox\extensions
[2006-08-20 15:07:47 | 00,000,000 | ---D | M] -- C:\Program\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009-04-28 19:34:44 | 00,000,000 | ---D | M] -- C:\Program\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007-05-07 19:05:43 | 00,000,000 | ---D | M] -- C:\Program\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2009-04-28 19:34:34 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\browserdirprovider.dll
[2009-04-28 19:34:34 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program\mozilla firefox\components\brwsrcmp.dll
[2008-08-27 23:36:33 | 00,001,394 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\amazondotcom.xml
[2008-08-27 23:36:33 | 00,002,193 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\answers.xml
[2008-08-27 23:36:33 | 00,001,534 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\creativecommons.xml
[2008-11-14 11:27:37 | 00,002,343 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\eBay.xml
[2008-08-27 23:36:33 | 00,001,706 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\google.xml
[2008-08-27 23:36:33 | 00,001,178 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\wikipedia.xml
[2008-08-27 23:36:33 | 00,000,792 | ---- | M] () -- C:\Program\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (3139 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 82.146.46.170 myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 www.myonlineaccounts2.abbeynational.co.uk
O1 - Hosts: 82.146.46.170 abbeyinternational.com
O1 - Hosts: 82.146.46.170 www.abbeyinternational.com
O1 - Hosts: 82.146.46.170 ibank.cahoot.com
O1 - Hosts: 82.146.46.170 www.ibank.cahoot.com
O1 - Hosts: 82.146.46.170 home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.ybonline.co.uk
O1 - Hosts: 82.146.46.170 home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 www.home.cbonline.co.uk
O1 - Hosts: 82.146.46.170 mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 www.mybank.alliance-leicester.co.uk
O1 - Hosts: 82.146.46.170 mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 www.mybusinessbank.co.uk
O1 - Hosts: 82.146.46.170 mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 www.mybankoffshore.alil.co.im
O1 - Hosts: 82.146.46.170 welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 www.welcome27.co-operativebank.co.uk
O1 - Hosts: 82.146.46.170 welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 www.welcome23.smile.co.uk
O1 - Hosts: 82.146.46.170 egg.com
O1 - Hosts: 82.146.46.170 www.egg.com
O1 - Hosts: 82.146.46.170 new.egg.com
O1 - Hosts: 82.146.46.170 www.new.egg.com
O1 - Hosts: 39 more lines...
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" (Adobe Systems Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AlcWzrd] ALCWZRD.EXE (RealTek Semicoductor Corp.)
O4 - HKLM..\Run: [ATIPTA] "C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Genväg till egenskapssida för High Definition Audio] HDAShCut.exe (Windows ® Server 2003 DDK provider)
O4 - HKLM..\Run: [InstantOn] "C:\Program Files\CyberLink\PowerCinema Linux\ion_install.exe" /c ()
O4 - HKLM..\Run: [IntelliPoint] "C:\Program\Microsoft IntelliPoint\point32.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [LogitechCommunicationsManager] "C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" ()
O4 - HKLM..\Run: [LogitechQuickCamRibbon] "C:\Program\Logitech\QuickCam\Quickcam.exe" /hide ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [Net iD] C:\WINDOWS\system32\iid.exe (NetMaker Consulting Group AB)
O4 - HKLM..\Run: [Norman ZANDA] "C:\Program\Norman\Npm\Bin\ZLH.EXE" /LOAD /SPLASH (Norman ASA)
O4 - HKLM..\Run: [NPCTray] C:\Program\Norman\npc\bin\npc_tray.exe /LOAD (Norman ASA)
O4 - HKLM..\Run: [O2] "C:\Program\O2\bin\sprtcmd.exe" /P O2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup (Nokia)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime (Apple Computer, Inc.)
O4 - HKLM..\Run: [RemoteControl] C:\Program\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program\Java\jre1.6.0_01\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [ThreatFire] C:\Program\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [TkBellExe] "C:\Program\Delade filer\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] "C:\Program\Windows Defender\MSASCui.exe" -hide (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] "C:\Program\DELADE~1\MICROS~1\DW\dwtrig20.exe" -t (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [PcSync] C:\Program\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (Time Information Services Ltd.)
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [DAEMON Tools] "C:\Program\DAEMON Tools\daemon.exe" -lang 1033 -noicon (DT Soft Ltd.)
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [LDM] C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [ooVoo.exe] C:\Program Files\ooVoo\ooVoo.exe /minimized File not found
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [RegistryMechanic] C:\Program\Registry Mechanic\RegMech.exe /H (PC Tools)
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [SUPERAntiSpyware] C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006..\Run: [updateMgr] C:\Program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_5 -reboot 1 (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk = C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Reader Speed Launch.lnk = C:\Program\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Logitech Desktop Messenger.lnk = C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start-meny\Program\Autostart\WordFinder Easy Reader.lnk = C:\Program\Wfwin\WFReader.exe (WordFinder Software AB)
O4 - Startup: C:\Documents and Settings\Rana\Start-meny\Program\Autostart\Genväg till Puss puss på alla hjärtans dag!.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableProfileQuota = 1
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006_Classes\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006_Classes\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKU\S-1-5-21-4293084581-3797336850-3733104759-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program\MICROS~3\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program\Norman\npc\bin\nlf.dll (Norman ASA)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\..Trusted Domains: o2.co.uk ([*.broadband] http in Trusted sites)
O15 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\..Trusted Domains: o2.co.uk ([*.broadband] https in Trusted sites)
O15 - HKU\S-1-5-21-4293084581-3797336850-3733104759-1006\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://download.bitdefender.com/resources/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab (Housecall ActiveX 6.5)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} http://messenger.msn.com/download/MsnMesse...pDownloader.cab (MsnMessengerSetupDownloadControl Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program\Delade filer\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program\Delade filer\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program\Delade filer\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program\Delade filer\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program\Delade filer\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program\Delade filer\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program\SUPERAntiSpyware\SASWINLO.dll - C:\Program\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Min aktuella startsida) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005-08-16 20:43:43 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009-05-16 12:20:50 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAZYQ9R3.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAYV01A7.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAYNWTMN.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAUZGLO5.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CASD2FOL.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAKP2LJW.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAGX2FKP.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA6F0XWH.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA4T4DWB.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA41MZOD.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA3IYPRZ.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA3EHOXZ.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA2VKRHY.
[2009-05-17 16:44:25 | 10,314,752 | ---- | C] (Luis Cobian) -- C:\Documents and Settings\Rana\Skrivbord\cbSetup.exe
[2009-05-17 16:42:47 | 00,286,208 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe
[2009-05-17 16:42:25 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rana\Skrivbord\OTListIt2.exe
[2009-05-17 01:56:24 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-05-17 01:56:22 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009-05-17 01:55:59 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009-05-17 01:55:48 | 00,391,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009-05-17 01:55:39 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009-05-17 01:34:07 | 02,344,896 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\mamamma.exe
[2009-05-17 01:31:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Skrivbord\virus
[2009-05-17 00:39:03 | 02,988,937 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\Comb.exe
[2009-05-17 00:29:52 | 03,686,173 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\SASDEFINITIONS.EXE
[2009-05-17 00:27:07 | 02,988,937 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\ComboFix.exe
[2009-05-17 00:27:04 | 01,341,005 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\MGtools.exe
[2009-05-16 21:09:24 | 00,359,883 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\dds.scr
[2009-05-16 21:05:43 | 00,001,684 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\HijackThis.lnk
[2009-05-16 21:05:43 | 00,000,000 | ---D | C] -- C:\Program\Trend Micro
[2009-05-16 20:55:23 | 00,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Rana\Skrivbord\HJTInstall1.exe
[2009-05-16 14:45:27 | 00,079,752 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ndis_rd.sys
[2009-05-16 14:45:27 | 00,074,624 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\tdi_rd.sys
[2009-05-16 14:45:27 | 00,042,552 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\ale_nf.sys
[2009-05-16 14:45:26 | 00,212,024 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\nscrnsav.scr
[2009-05-16 14:45:26 | 00,019,512 | ---- | C] (Norman ASA) -- C:\WINDOWS\System32\drivers\nvcw32mf.sys
[2009-05-16 14:44:56 | 00,000,000 | ---D | C] -- C:\Program\Norman
[2009-05-16 13:29:00 | 53,626,8800 | -HS- | C] () -- C:\hiberfil.sys
[2009-05-16 12:23:18 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2009-05-16 12:15:06 | 00,001,498 | ---- | C] () -- C:\Documents and Settings\Rana\Skrivbord\CCleaner.lnk
[2009-05-16 12:15:05 | 00,000,000 | ---D | C] -- C:\Program\CCleaner
[2009-05-16 11:54:25 | 00,000,002 | -H-- | C] () -- C:\WINDOWS\sto453189.dat
[2009-05-15 08:44:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Application Data\Malwarebytes
[2009-05-15 01:19:09 | 00,000,000 | ---D | C] -- C:\Program\PC Tools AntiVirus
[2009-05-15 01:19:05 | 00,000,700 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Registry Mechanic.lnk
[2009-05-15 01:19:04 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2009-05-15 01:19:02 | 00,000,000 | ---D | C] -- C:\Program\Registry Mechanic
[2009-05-15 01:16:30 | 44,893,168 | ---- | C] (PC Tools ) -- C:\Documents and Settings\Rana\Skrivbord\avinstall.exe
[2009-05-15 00:58:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009-05-15 00:58:06 | 00,000,595 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\ThreatFire.lnk
[2009-05-15 00:58:03 | 00,051,472 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfFsMon.sys
[2009-05-15 00:58:03 | 00,039,184 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfSysMon.sys
[2009-05-15 00:58:03 | 00,033,040 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfNetMon.sys
[2009-05-15 00:58:03 | 00,012,560 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\TfKbMon.sys
[2009-05-15 00:58:02 | 00,000,000 | ---D | C] -- C:\Program\ThreatFire
[2009-05-15 00:58:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009-05-15 00:50:16 | 00,000,000 | ---D | C] -- C:\Program\test2
[2009-05-14 21:31:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2009-05-14 21:27:43 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\iS3
[2009-05-14 21:27:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2009-05-14 21:10:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\218538
[2009-05-14 20:58:28 | 00,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009-05-14 01:04:10 | 00,000,000 | ---D | C] -- C:\Program\test
[2009-05-14 01:02:04 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\test.exe
[2009-05-14 00:58:05 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware2
[2009-05-14 00:51:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009-05-14 00:51:39 | 00,000,561 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2009-05-14 00:51:36 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009-05-14 00:51:35 | 00,000,000 | ---D | C] -- C:\Program\Malwarebytes' Anti-Malware
[2009-05-14 00:51:35 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009-05-14 00:50:05 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\mbam-setup(2).exe
[2009-05-11 23:51:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Skrivbord\Sondagsparty.Med.Filip.Och.Fredrik.S01E03.SWEDiSH.PDTV.XviD-REMAiN
[2009-05-05 22:32:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009-05-05 22:32:19 | 00,000,742 | ---- | C] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2009-05-05 22:32:09 | 00,000,000 | ---D | C] -- C:\Program\SUPERAntiSpyware
[2009-05-05 22:32:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Application Data\SUPERAntiSpyware.com
[2009-05-05 22:31:35 | 00,000,000 | ---D | C] -- C:\Program\Delade filer\Wise Installation Wizard
[2009-05-05 21:13:21 | 00,004,294 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009-05-05 02:05:42 | 00,000,001 | ---- | C] () -- C:\WINDOWS\z45ft5992f44.dat
[2009-05-01 08:16:15 | 00,000,000 | ---D | C] -- C:\spoolerlogs
[2009-04-23 00:30:58 | 00,005,284 | ---- | C] () -- C:\WINDOWS\System32\de8bfb03bb.ax
[2009-04-21 20:24:29 | 00,014,119 | ---- | C] () -- C:\WINDOWS\System32\kjs
[2009-04-20 21:35:24 | 00,000,162 | ---- | C] () -- C:\Documents and Settings\Rana\Lokala inställningar\Tempdelself.bat
[2009-04-19 22:25:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Mina dokument\Picture Motion Browser
[2009-04-19 21:14:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Rana\Application Data\Personal
[2009-04-17 21:48:36 | 00,014,119 | ---- | C] () -- C:\WINDOWS\System32\xma
[2009-04-17 21:48:35 | 00,059,904 | ---- | C] () -- C:\WINDOWS\System32\inform.dat
[2008-09-16 00:46:35 | 00,000,704 | ---- | C] () -- C:\WINDOWS\{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}_WiseFW.ini
[2008-07-26 09:25:02 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2007-11-29 18:37:50 | 00,000,000 | ---- | C] () -- C:\WINDOWS\MSDraw.ini
[2007-11-10 18:33:28 | 00,042,594 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2007-07-24 20:58:57 | 00,018,610 | ---- | C] () -- C:\WINDOWS\iid.ini
[2007-06-10 13:54:51 | 00,682,232 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006-09-29 21:12:35 | 00,000,032 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006-04-03 19:11:07 | 02,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2006-04-03 19:11:07 | 00,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2006-04-03 19:11:07 | 00,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2006-04-03 19:11:07 | 00,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2006-01-26 21:27:43 | 00,000,740 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006-01-22 15:40:52 | 00,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005-12-07 12:31:00 | 00,202,752 | R--- | C] () -- C:\WINDOWS\System32\CddbCdda.dll
[2005-08-16 21:29:58 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005-08-16 21:15:05 | 00,540,672 | ---- | C] () -- C:\WINDOWS\System32\SLLights.dll
[2005-08-16 21:15:05 | 00,221,184 | ---- | C] () -- C:\WINDOWS\System32\amr_cpl.dll
[2005-08-16 21:15:05 | 00,151,552 | ---- | C] () -- C:\WINDOWS\System32\SLMOHServ.dll
[2005-08-16 21:15:05 | 00,014,976 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\winddx.sys
[2005-08-16 21:09:12 | 00,000,788 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2005-08-16 20:46:45 | 00,000,828 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005-08-16 20:41:28 | 00,003,529 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005-08-16 13:09:31 | 00,212,992 | ---- | C] () -- C:\WINDOWS\System32\slextspk.dll
[2005-08-16 13:09:31 | 00,180,224 | ---- | C] () -- C:\WINDOWS\System32\SLGen.dll
[2005-08-16 13:09:31 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\slcoinst.dll
[2005-08-16 13:09:26 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005-08-16 13:06:54 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\property.dll
[2005-08-16 13:06:41 | 00,000,653 | ---- | C] () -- C:\WINDOWS\win.ini
[2005-08-16 13:06:40 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2005-03-01 16:30:20 | 00,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2003-01-07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAZYQ9R3.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAYV01A7.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAYNWTMN.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAUZGLO5.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CASD2FOL.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAKP2LJW.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CAGX2FKP.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA6F0XWH.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA4T4DWB.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA41MZOD.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA3IYPRZ.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA3EHOXZ.
File not found -- C:\Documents and Settings\Rana\Skrivbord\CA2VKRHY.
[2009-05-17 16:45:32 | 10,314,752 | ---- | M] (Luis Cobian) -- C:\Documents and Settings\Rana\Skrivbord\cbSetup.exe
[2009-05-17 16:42:49 | 00,286,208 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe
[2009-05-17 16:42:45 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rana\Skrivbord\OTListIt2.exe
[2009-05-17 16:31:34 | 00,000,318 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009-05-17 16:30:55 | 00,002,309 | ---- | M] () -- C:\Documents and Settings\All Users\Start-meny\Program\Autostart\Adobe Acrobat Speed Launcher.lnk
[2009-05-17 16:28:58 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009-05-17 16:28:18 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009-05-17 16:28:15 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Rana\Lokala inställningar\desktop.ini
[2009-05-17 16:28:12 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009-05-17 16:28:07 | 53,626,8800 | -HS- | M] () -- C:\hiberfil.sys
[2009-05-17 01:55:48 | 00,391,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\cmd.execf
[2009-05-17 01:34:33 | 02,344,896 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\mamamma.exe
[2009-05-17 00:39:34 | 02,988,937 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\Comb.exe
[2009-05-17 00:30:22 | 03,686,173 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\SASDEFINITIONS.EXE
[2009-05-17 00:27:32 | 02,988,937 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\ComboFix.exe
[2009-05-17 00:27:18 | 01,341,005 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\MGtools.exe
[2009-05-16 21:09:27 | 00,359,883 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\dds.scr
[2009-05-16 21:05:43 | 00,001,684 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\HijackThis.lnk
[2009-05-16 20:55:30 | 00,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rana\Skrivbord\HJTInstall1.exe
[2009-05-16 12:15:06 | 00,001,498 | ---- | M] () -- C:\Documents and Settings\Rana\Skrivbord\CCleaner.lnk
[2009-05-16 11:54:25 | 00,000,002 | -H-- | M] () -- C:\WINDOWS\sto453189.dat
[2009-05-15 01:19:05 | 00,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Registry Mechanic.lnk
[2009-05-15 01:17:40 | 44,893,168 | ---- | M] (PC Tools ) -- C:\Documents and Settings\Rana\Skrivbord\avinstall.exe
[2009-05-15 00:58:06 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\ThreatFire.lnk
[2009-05-15 00:50:21 | 00,000,561 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\Malwarebytes' Anti-Malware.lnk
[2009-05-14 20:58:28 | 00,000,118 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2009-05-14 01:02:52 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\test.exe
[2009-05-14 00:50:39 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rana\Skrivbord\mbam-setup(2).exe
[2009-05-11 00:00:24 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Rana\Mina dokument\Mina delade mappar.lnk
[2009-05-08 00:15:21 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009-05-07 09:16:29 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009-05-06 00:44:18 | 00,388,232 | ---- | M] () -- C:\WINDOWS\System32\perfh01D.dat
[2009-05-06 00:44:17 | 00,384,930 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009-05-06 00:44:17 | 00,064,744 | ---- | M] () -- C:\WINDOWS\System32\perfc01D.dat
[2009-05-06 00:44:17 | 00,054,614 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009-05-06 00:44:12 | 00,901,656 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009-05-05 23:36:57 | 00,005,284 | ---- | M] () -- C:\WINDOWS\System32\de8bfb03bb.ax
[2009-05-05 22:32:19 | 00,000,742 | ---- | M] () -- C:\Documents and Settings\All Users\Skrivbord\SUPERAntiSpyware Free Edition.lnk
[2009-05-05 22:00:28 | 00,004,294 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009-05-05 02:05:42 | 00,000,001 | ---- | M] () -- C:\WINDOWS\z45ft5992f44.dat
[2009-04-21 20:24:29 | 00,059,904 | ---- | M] () -- C:\WINDOWS\System32\inform.dat
[2009-04-21 20:24:29 | 00,014,119 | ---- | M] () -- C:\WINDOWS\System32\kjs
[2009-04-20 21:35:24 | 00,000,162 | ---- | M] () -- C:\Documents and Settings\Rana\Lokala inställningar\Tempdelself.bat
[2009-04-20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009-04-17 21:48:36 | 00,014,119 | ---- | M] () -- C:\WINDOWS\System32\xma

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
< End of report >

EXTRAS:
OTListIt Extras logfile created on: 2009-05-17 16:45:36 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.8 Folder = C:\Documents and Settings\Rana\Skrivbord
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000041D | Country: Sverige | Language: SVE | Date Format: yyyy-MM-dd

511,36 Mb Total Physical Memory | 143,85 Mb Available Physical Memory | 28,13% Memory free
1,22 Gb Paging File | 0,53 Gb Available in Paging File | 43,14% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program
Drive C: | 74,53 Gb Total Space | 23,54 Gb Free Space | 31,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DITT-35C07F7813
Current User Name: Rana
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"443:TCP" = 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
"80:TCP" = 80:TCP:*:Enabled:SYS32DLL
"7171:TCP" = 7171:TCP:*:Enabled:SYS32DLL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[2007-11-20 04:38:52 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 12:55:22 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[2009-02-28 06:54:41 | 00,636,072 | ---- | M] (Microsoft Corporation) -- C:\Program\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer
[2008-04-14 18:05:13 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
[2006-01-21 12:27:20 | 01,454,080 | ---- | M] () -- C:\Program\DC++\DCPlusPlus.exe:*:Enabled:DC++
[2007-11-20 04:38:52 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger
[2008-04-13 20:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
[2007-01-19 12:55:22 | 05,674,352 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
[2007-01-04 16:10:02 | 00,297,752 | ---- | M] (Microsoft Corporation) -- C:\Program\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)
[2008-09-23 21:16:38 | 00,254,976 | ---- | M] (Azureus Inc) -- C:\Program\Azureus\Azureus.exe:*:Enabled:Azureus
[2009-02-28 19:56:06 | 02,517,888 | ---- | M] (Spotify AB) -- C:\Program\Spotify\spotify.exe:*:Enabled:Spotify
[2007-09-13 14:31:38 | 22,880,040 | R--- | M] (Skype Technologies S.A.) -- C:\Program\Skype\Phone\Skype.exe:*:Enabled:Skype
[2007-10-25 18:51:48 | 01,000,056 | ---- | M] (SupportSoft, Inc.) -- C:\Program\O2\agent\bin\bcont.exe:*:Disabled:bcont.exe
[2007-10-25 18:52:00 | 01,278,584 | ---- | M] (SupportSoft, Inc.) -- C:\Program\O2\agent\bin\bcont_nm.exe:*:Disabled:bcont_nm.exe
[2007-10-25 18:52:28 | 00,136,744 | ---- | M] (SupportSoft, Inc.) -- C:\Program\O2\bin\wificfg.exe:*:Disabled:sprtcmd.exe
[2007-07-27 05:39:32 | 00,382,320 | ---- | M] (SupportSoft, Inc.) -- C:\Program\Delade filer\SupportSoft\bin\ssrc.exe:*:Disabled:ssrc.exe

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Kontrollpanel
"{0FF1922C-B6C4-40BB-AF30-BEF75A482444}" = Nokia Connectivity Cable Driver
"{14291118-0C19-45EA-A4FA-5C1C0F5FDE09}" = Primo
"{1B58C9D2-1925-413F-B29A-C4E7596C43F5}" = Nokia PC Suite
"{2E55A582-4FFE-4FF2-8D4D-E7D275FF89BD}" = Windows Live Messenger
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{350C941d-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AF8FCCD-F51A-4014-9002-F195E1CBC876}" = Logitech QuickCam
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{4507868A-A9CD-4ECC-BD54-0EAB6EE81D42}" = O2 Broadband Assistant
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.5
"{5E977DEC-5BB4-44C7-9FE5-9357D2DB4FCB}" = Disc2Phone
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1053-7B44-A70500000002}" = Adobe Reader 7.0.5 - Svenska
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B34404-2E52-4C1F-A2B7-D26E46E5974D}" = Norman Security Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2121C6-C94D-4A73-8EA4-6943F33EE335}" = Music Transfer
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{D5F82F8F-4DE2-11D9-A373-0050BAE317E1}" = PowerCinema Linux 4.0
"{D8E4A66D-DB68-481F-ABA8-AC622566D4CB}" = PC Connectivity Solution
"{F4B620CE-4297-4140-B0C3-6D4E8A8EF0AB}" = Microsoft Works
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"0852D05415AB9A4F1EF451E342267F76C776ED2F" = Windows Driver Package - Nokia Modem (11/03/2006 6.82.0.1)
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"4CFD94C379217A02D5EA067615FF789CD731BCDB" = Windows Driver Package - Nokia (WUDFRd) WPD (11/03/2006 6.82.26.2)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Azureus" = Azureus
"BitTornado" = BitTornado 0.3.17
"CCleaner" = CCleaner (remove only)
"DC++" = DC++ 0.681
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{929408E6-D265-4174-805F-81D1D914E2A4}" = QuickTime
"legacyqcam_10.40" = Logitech Legacy USB Camera drivrutinspaket
"lvdrivers_11.80" = Logitech QuickCam drivrutinspaket
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = NeroVision Express 3 SE
"Net iD" = Net iD 4.4
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 8.0
"ShockwaveFlash" = Macromedia Flash Player 8
"SLAMRNTV" = Smart Link 56K Voice Modem
"Spotify" = Spotify
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Winamp" = Winamp (remove only)
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"VLC media player" = VideoLAN VLC media player 0.8.4a
"WordFinder" = WordFinder

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4293084581-3797336850-3733104759-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"burst" = burst! v3.1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2009-05-17 06:48:16 | Computer Name = DITT-35C07F7813 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DITT-35C07F7813\Rana Checkpoint ID: 1 Error Code: 0x80070005

Error
description: Åtkomst nekad.

Error - 2009-05-17 06:48:16 | Computer Name = DITT-35C07F7813 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DITT-35C07F7813\Rana Checkpoint ID: 1 Error Code: 0x8000ffff

Error
description: Oåterkalleligt fel

Error - 2009-05-17 06:48:19 | Computer Name = DITT-35C07F7813 | Source = Nvcoas | ID = 131073
Description = Norman Virus Control non fatal error: Boot sector repair module not
available

Error - 2009-05-17 06:59:41 | Computer Name = DITT-35C07F7813 | Source = NormanNPT | ID = 131073
Description = Norman Message [2009/05/17 12:59:40] --------------------------------------------------------
Application:
Norman Internet Update Node address: 127.0.0.1 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2009-05-17 08:00:29 | Computer Name = DITT-35C07F7813 | Source = NormanNPT | ID = 131073
Description = Norman Message [2009/05/17 14:00:29] --------------------------------------------------------
Application:
Norman Internet Update Node address: 127.0.0.1 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2009-05-17 09:01:11 | Computer Name = DITT-35C07F7813 | Source = NormanNPT | ID = 131073
Description = Norman Message [2009/05/17 15:01:11] --------------------------------------------------------
Application:
Norman Internet Update Node address: 127.0.0.1 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

Error - 2009-05-17 10:28:55 | Computer Name = DITT-35C07F7813 | Source = Nvcoas | ID = 131073
Description = Norman Virus Control non fatal error: Boot sector repair module not
available

Error - 2009-05-17 10:29:09 | Computer Name = DITT-35C07F7813 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DITT-35C07F7813\Rana Checkpoint ID: 1 Error Code: 0x80070005

Error
description: Åtkomst nekad.

Error - 2009-05-17 10:29:09 | Computer Name = DITT-35C07F7813 | Source = WinDefendRtp | ID = 3003
Description = %%827 Real-Time Protection checkpoint has encountered an error and
failed to start. User: DITT-35C07F7813\Rana Checkpoint ID: 1 Error Code: 0x8000ffff

Error
description: Oåterkalleligt fel

Error - 2009-05-17 10:34:21 | Computer Name = DITT-35C07F7813 | Source = NormanNPT | ID = 131073
Description = Norman Message [2009/05/17 16:34:21] --------------------------------------------------------
Application:
Norman Internet Update Node address: 127.0.0.1 --------------------------------------------------------

Error
message: Running scheduled - shall not start LicWiz

[ System Events ]
Error - 2009-05-16 20:08:07 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten jrwttm kunde inte startas på grund av följande fel: %%2

Error - 2009-05-16 20:08:26 | Computer Name = DITT-35C07F7813 | Source = System Error | ID = 1003
Description = Felkod 100000d1, parameter1 e1cc5000, parameter2 00000002, parameter3
00000000, parameter4 eb87ab00.

Error - 2009-05-17 05:50:15 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten jrwttm kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 06:11:09 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten yucuiy kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 06:11:09 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten jrwttm kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 06:11:12 | Computer Name = DITT-35C07F7813 | Source = System Error | ID = 1003
Description = Felkod 100000d1, parameter1 e1cb3000, parameter2 00000002, parameter3
00000000, parameter4 babbfb00.

Error - 2009-05-17 06:48:44 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten yucuiy kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 06:48:44 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten jrwttm kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 10:29:45 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten yucuiy kunde inte startas på grund av följande fel: %%2

Error - 2009-05-17 10:29:45 | Computer Name = DITT-35C07F7813 | Source = Service Control Manager | ID = 7000
Description = Tjänsten jrwttm kunde inte startas på grund av följande fel: %%2


< End of report >

GMER: Will follow as it was too big to post!

#4 highfivester


Posted 17 May 2009 - 11:23 AM

GMER 1 log attached as it was too big to post!

#5 highfivester


Posted 17 May 2009 - 11:27 AM

Part 2:

.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Delade filer\LogiShrd\LVCOMSER\LVComSer.exe[2520] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Norman\npc\bin\nuaa.exe[2584] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Norman\nse\bin\NSESVC.EXE[2664] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4C, 5F] {DEC ESP; POP EDI}
.text C:\Program\Wfwin\FIEMouse.exe[2684] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [3A, 5F]
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F690F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F720F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7E0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F570F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6F0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F660F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3C0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F5A0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3F0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F330F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6C0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F420F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F450F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7C, 5F] {JL 0x61}
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F510F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F780F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F480F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F360F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [55, 5F] {PUSH EBP; POP EDI}
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F600F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5D0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F630F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [76, 5F] {JBE 0x61}
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4E0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Wfwin\FIEMouse.exe[2684] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\System32\alg.exe[2708] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\System32\alg.exe[2708] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\System32\alg.exe[2708] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\System32\alg.exe[2708] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\System32\alg.exe[2708] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\System32\alg.exe[2708] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3124] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3124] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3124] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\ctfmon.exe[3124] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\SOUNDMAN.EXE[3252] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F740F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F7D0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F770F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F7A0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!htons 71AA2E53 6 Bytes JMP 5F8C0F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 90, 5F]
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F920F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!connect 71AA4A07 6 Bytes JMP 5F800F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F980F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F890F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F860F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F830F5A
.text C:\Program\Registry Mechanic\RegMech.exe[3308] ws2_32.dll!accept 71AB1040 6 Bytes JMP 5F950F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F790F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F760F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F7C0F5A
.text C:\Program\Norman\Nvc\Bin\Nip.exe[3324] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F730F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F770F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F740F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F7A0F5A
.text C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F7D0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [3E, 5F]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [2C, 5F] {SUB AL, 0x5f}
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F5B0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F640F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F700F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F490F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F610F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F580F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F4C0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F310F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F250F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F5E0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F340F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F370F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F430F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F6A0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F3A0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F280F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [47, 5F] {INC EDI; POP EDI}
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F520F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F4F0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F550F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [68, 5F]
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F400F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F7C0F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F790F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F730F5A
.text C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F760F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]


Part 3 (final):

.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] shell32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] shell32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Windows Defender\MSASCui.exe[3716] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Windows Defender\MSASCui.exe[3716] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Windows Defender\MSASCui.exe[3716] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Windows Defender\MSASCui.exe[3716] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\WINDOWS\system32\iid.exe[3732] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\WINDOWS\system32\iid.exe[3732] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\WINDOWS\system32\iid.exe[3732] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\iid.exe[3732] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\WINDOWS\system32\iid.exe[3732] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\WINDOWS\system32\iid.exe[3732] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\WINDOWS\system32\iid.exe[3732] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\WINDOWS\system32\iid.exe[3732] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\O2\bin\sprtcmd.exe[3820] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F7F0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 84, 5F]
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F860F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F8C0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F980F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F950F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F920F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F8F0F5A
.text C:\Program\O2\bin\sprtcmd.exe[3820] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F890F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Logitech\QuickCam\Quickcam.exe[3888] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!htons 71AA2E53 6 Bytes JMP 5F7F0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!WSAGetLastError + 2 71AA3CD0 4 Bytes [1E, 00, 84, 5F]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!closesocket 71AA3E2B 6 Bytes JMP 5F860F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!connect 71AA4A07 6 Bytes JMP 5F8C0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!WSAEventSelect 71AA64D9 6 Bytes JMP 5F980F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!WSAAsyncSelect 71AB0991 6 Bytes JMP 5F950F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!WSAConnect 71AB0C81 6 Bytes JMP 5F920F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!WSAAccept 71AB0DC1 6 Bytes JMP 5F8F0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] WS2_32.dll!accept 71AB1040 6 Bytes JMP 5F890F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Mozilla Firefox\firefox.exe[3892] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Mozilla Firefox\firefox.exe[3892] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Mozilla Firefox\firefox.exe[3892] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ntdll.dll!NtLoadDriver 7C90D46E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] ntdll.dll!NtLoadDriver + 4 7C90D472 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
.text C:\Program\Wfwin\WFReader.exe[3968] ntdll.dll!NtSuspendProcess 7C90DE2E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] ntdll.dll!NtSuspendProcess + 4 7C90DE32 2 Bytes [38, 5F]
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateFileA 7C801A28 6 Bytes JMP 5F670F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!VirtualProtect 7C801AD4 6 Bytes JMP 5F700F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!LoadLibraryExW 7C801AF5 6 Bytes JMP 5F070F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!LoadLibraryA 7C801D7B 6 Bytes JMP 5F130F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F0D0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F100F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F220F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F1F0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!LoadResource 7C80A055 6 Bytes JMP 5F7C0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!FreeLibrary + 15 7C80AC93 4 Bytes CALL 7170003D
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!GetProcAddress 7C80AE40 6 Bytes JMP 5F550F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!LoadLibraryW 7C80AEEB 6 Bytes JMP 5F160F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [05, 5F]
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateThread 7C8106D7 6 Bytes JMP 5F6D0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateFileW 7C810800 6 Bytes JMP 5F640F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!TerminateThread 7C81CB3B 6 Bytes JMP 5F3A0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!GetVolumeInformationA 7C821BA5 6 Bytes JMP 5F580F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!DebugActiveProcess 7C85B0FB 6 Bytes JMP 5F3D0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!WinExec 7C86250D 6 Bytes JMP 5F310F5A
.text C:\Program\Wfwin\WFReader.exe[3968] kernel32.dll!CreateToolhelp32Snapshot 7C865C7F 6 Bytes JMP 5F6A0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!RegOpenKeyExA 77DC7852 6 Bytes JMP 5F5E0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!RegCreateKeyExA 77DCE9F4 6 Bytes JMP 5F5B0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!RegSetValueExA 77DCEAE7 6 Bytes JMP 5F610F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!OpenSCManagerA 77DE69AE 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!OpenSCManagerA + 4 77DE69B2 2 Bytes [74, 5F] {JZ 0x61}
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!LsaRemoveAccountRights 77E0AC91 6 Bytes JMP 5F0A0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] ADVAPI32.dll!CreateServiceA 77E27211 6 Bytes JMP 5F4C0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!SetWindowsHookExW 7E37820F 6 Bytes JMP 5F1C0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!GetKeyState 7E379ED9 6 Bytes JMP 5F400F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!GetAsyncKeyState 7E37A78F 6 Bytes JMP 5F430F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!ShowWindow 7E37AF56 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!ShowWindow + 4 7E37AF5A 2 Bytes [7A, 5F] {JP 0x61}
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!SetWindowsHookExA 7E381211 6 Bytes JMP 5F190F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!SetWinEventHook 7E3817F7 6 Bytes JMP 5F4F0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!GetWindowTextA 7E38216B 6 Bytes JMP 5F760F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!DdeConnect 7E3A81C3 6 Bytes JMP 5F460F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!EndTask 7E3AA0A5 6 Bytes JMP 5F340F5A
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!RegisterRawInputDevices 7E3BCE0E 3 Bytes [FF, 25, 1E]
.text C:\Program\Wfwin\WFReader.exe[3968] USER32.dll!RegisterRawInputDevices + 4 7E3BCE12 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
.text C:\Program\Wfwin\WFReader.exe[3968] SHELL32.dll!ShellExecuteExW 7CA0996B 6 Bytes JMP 5F2E0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] SHELL32.dll!ShellExecuteEx 7CA40EB5 6 Bytes JMP 5F2B0F5A
.text C:\Program\Wfwin\WFReader.exe[3968] SHELL32.dll!ShellExecuteA 7CA411E0 6 Bytes JMP 5F250F5A
.text C:\Program\Wfwin\WFReader.exe[3968] SHELL32.dll!ShellExecuteW 7CAB5D48 6 Bytes JMP 5F280F5A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8543886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8543832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8565892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8543886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F852DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F852DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F852DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F852E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F852E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8542ACA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [04F62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [04F62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [04F62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [04F62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0167BCA0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0167BC50
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01677EA0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01679100
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0167AA10
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01679370
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01679180
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0167A010
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0167B950
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0167B990
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0167BD30
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0167B810
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0167A970
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01679930
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 016792E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01679660
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0167C2B0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0167A360
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0167A7D0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0167AE90
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0167AC20
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0167AE10
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0167B2F0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0167B000
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01679250
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 016797E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0167BA70
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0167AD60
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0167A910
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0167A790
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0167AB20
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0167BD50
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0167AB60
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0167BFF0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0167BF90
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0167C1E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0167C280
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0167C0B0
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00962F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00962CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00962D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00962CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F671E8

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 82BB7420
Device \Driver\usbuhci \Device\USBPDO-1 82BB7420
Device \Driver\usbuhci \Device\USBPDO-2 82BB7420
Device \Driver\PCI_NTPNP9848 \Device\00000053 sptd.sys
Device \Driver\usbehci \Device\USBPDO-3 82B9E7A0
Device \Driver\usbuhci \Device\USBPDO-4 82BB7420

AttachedDevice \Driver\Tcpip \Device\Tcp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F6A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2B681EA7-EC9B-4397-917C-06186010A62C} 821BC1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 821BC1E8
Device \Driver\NetBT \Device\NetbiosSmb 821BC1E8

AttachedDevice \Driver\Tcpip \Device\Udp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\RawIp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2D34F7FC-2AE2-4C31-B781-A2F1E8E7CF06} 821BC1E8
Device \Driver\usbuhci \Device\USBFDO-0 82BB7420
Device \Driver\usbuhci \Device\USBFDO-1 82BB7420
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 821421E8
Device \Driver\usbuhci \Device\USBFDO-2 82BB7420
Device \FileSystem\MRxSmb \Device\LanmanRedirector 821421E8
Device \Driver\usbuhci \Device\USBFDO-3 82BB7420
Device \Driver\usbehci \Device\USBFDO-4 82B9E7A0
Device \Driver\Ftdisk \Device\FtControl 82F6A1E8
Device \Driver\arkqevxb \Device\Scsi\arkqevxb1Port3Path0Target0Lun0 82AE07A0
Device \Driver\viamraid \Device\Scsi\viamraid1 82FD51E8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 82FD51E8
Device \Driver\arkqevxb \Device\Scsi\arkqevxb1 82AE07A0
Device \FileSystem\Cdfs \Cdfs 820AC7A0

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACkyprqxblxmqlvbw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACulbowipfwbjfxvm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACeatfqrvpuyhymit.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtkkwbthespwprrs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACmcniuaxieomeysi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACqppcbodkslsguij.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxycmykmpjxbujev.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACbdftjsxgcqyorxy.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACeuwiaivakdyuous.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACsxaeapiuodaurlc.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACulbowipfwbjfxvm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACeatfqrvpuyhymit.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtkkwbthespwprrs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACmcniuaxieomeysi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACqppcbodkslsguij.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxycmykmpjxbujev.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACbdftjsxgcqyorxy.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACeuwiaivakdyuous.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACsxaeapiuodaurlc.log
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Rana\Lokala inställningar\Temp\UAC6982.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACkyprqxblxmqlvbw.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACbdftjsxgcqyorxy.log 4032 bytes
File C:\WINDOWS\system32\UACeatfqrvpuyhymit.dat 224 bytes
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACmcniuaxieomeysi.dll 17408 bytes executable
File C:\WINDOWS\system32\UACqppcbodkslsguij.dll 19968 bytes executable
File C:\WINDOWS\system32\UACtkkwbthespwprrs.dll 19968 bytes executable
File C:\WINDOWS\system32\UACulbowipfwbjfxvm.dll 24064 bytes executable
File C:\WINDOWS\system32\UACxycmykmpjxbujev.dll 66560 bytes

---- EOF - GMER 1.0.15 ----

#6 highfivester

Posted 17 May 2009 - 11:30 AM

The following file was in red:

Service C:\WINDOWS\system32\drivers\UACkyprqxblxmqlvbw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

#7 Buckeye_Sam

Malware Expert

Posted 17 May 2009 - 11:31 AM

It looks like the Gmer log got cut off at the end. Can you copy just the last 100 lines or so and paste it here?

Also can you translate this for me?

Det går inte att hitta sökvägen

#8 Buckeye_Sam

Posted 17 May 2009 - 11:33 AM

Oops. It looks like you posted again while I was reviewing your log. That's perfect. Give me a minute to look this over.

#9 highfivester

Posted 17 May 2009 - 11:34 AM

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!IoConnectInterrupt] [F8543886] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F8543832] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F8565892] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F8543886] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F852DAD4] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F852DC1A] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F852DB9C] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F852E748] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F852E61E] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F8542ACA] sptd.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F82EE81C] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F82EE84A] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F82EE594] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F82EE5F0] NDIS_RD.sys (Norman NDIS Firewall Driver/Norman ASA)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [04F62F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [04F62CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [04F62D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\SUPERAntiSpyware\SUPERAntiSpyware.exe[232] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [04F62CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A32F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A32CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A32D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\cclaw.exe[256] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A32CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BD2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BD2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BD2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Rana\Skrivbord\yuz1lzy0.exe[564] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BD2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010A2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010A2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010A2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\test2\mbam1.exe[620] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010A2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Npm\Bin\ZLH.EXE[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[1852] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A82D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\FIEMouse.exe[2684] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[3124] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ATI Technologies\ATI Control Panel\atiptaxx.exe[3236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\SOUNDMAN.EXE[3252] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegQueryValueA] 0167BCA0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] 0167BC50
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 01677EA0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 01679100
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CloseHandle] 0167AA10
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 01679370
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 01679180
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileW] 0167A010
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalUnlock] 0167B950
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalLock] 0167B990
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcessHeap] 0167BD30
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] 0167B810
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!DuplicateHandle] 0167A970
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread] 01679930
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 016792E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetEnvironmentStringsW] 01679660
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!IsDebuggerPresent] 0167C2B0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!ReadFile] 0167A360
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetFilePointer] 0167A7D0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFileEx] 0167AE90
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingW] 0167AC20
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!MapViewOfFile] 0167AE10
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!OpenFileMappingW] 0167B2F0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!UnmapViewOfFile] 0167B000
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 01679250
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!TerminateProcess] 016797E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GlobalAlloc] 0167BA70
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FlushViewOfFile] 0167AD60
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileSize] 0167A910
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!WriteFile] 0167A790
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetFileType] 0167AB20
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetACP] 0167BD50
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateFileMappingA] 0167AB60
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadIconW] 0167BFF0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadCursorW] 0167BF90
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!CreateDialogParamW] 0167C1E0
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!DialogBoxParamW] 0167C280
IAT C:\Program\Registry Mechanic\RegMech.exe[3308] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!LoadStringW] 0167C0B0
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\Nvc\Bin\Nip.exe[3324] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Logishrd\LQCVFX\COCIManager.exe[3372] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPLpr.exe[3384] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AA2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AA2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AA2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Synaptics\SynTP\SynTPEnh.exe[3416] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AA2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\CyberLink\PowerDVD\PDVDServ.exe[3488] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00962F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00962CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00962D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Norman\npf\bin\npfuser.exe[3524] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00962CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C42F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C42CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C42D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Java\jre1.6.0_01\bin\jusched.exe[3580] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C42CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003C2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003C2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003C2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe[3592] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003C2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00E72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00E72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00E72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Microsoft IntelliPoint\point32.exe[3612] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00E72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [003E2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [003E2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [003E2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\Real\Update_OB\realsched.exe[3692] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [003E2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Windows Defender\MSASCui.exe[3716] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00802F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00802CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00802D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\iid.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00802CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe[3756] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\O2\bin\sprtcmd.exe[3820] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe[3844] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00F02F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00F02CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00F02D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Logitech\QuickCam\Quickcam.exe[3888] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00F02CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B12F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B12CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00B12D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Mozilla Firefox\firefox.exe[3892] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B12CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00C52F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00C52CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00C52D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\Wfwin\WFReader.exe[3968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00C52CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00D72F30] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00D72CA0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00D72D00] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program\ThreatFire\TFTray.exe[4072] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00D72CD0] C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 82F671E8

AttachedDevice \FileSystem\Ntfs \Ntfs TfFsMon.sys (ThreatFire Filesystem Monitor/PC Tools)
AttachedDevice \Driver\Tcpip \Device\Ip TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 82BB7420
Device \Driver\usbuhci \Device\USBPDO-1 82BB7420
Device \Driver\usbuhci \Device\USBPDO-2 82BB7420
Device \Driver\PCI_NTPNP9848 \Device\00000053 sptd.sys
Device \Driver\usbehci \Device\USBPDO-3 82B9E7A0
Device \Driver\usbuhci \Device\USBPDO-4 82BB7420

AttachedDevice \Driver\Tcpip \Device\Tcp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)

Device \Driver\Ftdisk \Device\HarddiskVolume1 82F6A1E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{2B681EA7-EC9B-4397-917C-06186010A62C} 821BC1E8
Device \Driver\NetBT \Device\NetBt_Wins_Export 821BC1E8
Device \Driver\NetBT \Device\NetbiosSmb 821BC1E8

AttachedDevice \Driver\Tcpip \Device\Udp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)
AttachedDevice \Driver\Tcpip \Device\RawIp TDI_RD.SYS (Norman TDI Firewall Driver/Norman ASA)

Device \Driver\NetBT \Device\NetBT_Tcpip_{2D34F7FC-2AE2-4C31-B781-A2F1E8E7CF06} 821BC1E8
Device \Driver\usbuhci \Device\USBFDO-0 82BB7420
Device \Driver\usbuhci \Device\USBFDO-1 82BB7420
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 821421E8
Device \Driver\usbuhci \Device\USBFDO-2 82BB7420
Device \FileSystem\MRxSmb \Device\LanmanRedirector 821421E8
Device \Driver\usbuhci \Device\USBFDO-3 82BB7420
Device \Driver\usbehci \Device\USBFDO-4 82B9E7A0
Device \Driver\Ftdisk \Device\FtControl 82F6A1E8
Device \Driver\arkqevxb \Device\Scsi\arkqevxb1Port3Path0Target0Lun0 82AE07A0
Device \Driver\viamraid \Device\Scsi\viamraid1 82FD51E8
Device \Driver\viamraid \Device\Scsi\viamraid1Port2Path0Target0Lun0 82FD51E8
Device \Driver\arkqevxb \Device\Scsi\arkqevxb1 82AE07A0
Device \FileSystem\Cdfs \Cdfs 820AC7A0

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\UACkyprqxblxmqlvbw.sys (*** hidden *** ) [SYSTEM] UACd.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACulbowipfwbjfxvm.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACeatfqrvpuyhymit.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtkkwbthespwprrs.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACmcniuaxieomeysi.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACqppcbodkslsguij.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxycmykmpjxbujev.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACbdftjsxgcqyorxy.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACeuwiaivakdyuous.log
Reg HKLM\SYSTEM\CurrentControlSet\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACsxaeapiuodaurlc.log
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@start 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@type 1
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@imagepath \systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys@group file system
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACd \\?\globalroot\systemroot\system32\drivers\UACkyprqxblxmqlvbw.sys
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACc \\?\globalroot\systemroot\system32\UACulbowipfwbjfxvm.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacsr \\?\globalroot\systemroot\system32\UACeatfqrvpuyhymit.dat
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uaclog \\?\globalroot\systemroot\system32\UACtkkwbthespwprrs.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacmask \\?\globalroot\systemroot\system32\UACmcniuaxieomeysi.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacserf \\?\globalroot\systemroot\system32\UACqppcbodkslsguij.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacbbr \\?\globalroot\systemroot\system32\UACxycmykmpjxbujev.dll
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@UACproc \\?\globalroot\systemroot\system32\UACbdftjsxgcqyorxy.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacurls \\?\globalroot\systemroot\system32\UACeuwiaivakdyuous.log
Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules@uacerrors \\?\globalroot\systemroot\system32\UACsxaeapiuodaurlc.log
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x49 0x1C 0x19 0x9D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5A 0xD6 0x68 0x59 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0xBB 0xAC 0x86 0xBB ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI@NoChange 1
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS@Installed 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Rana\Lokala inställningar\Temp\UAC6982.tmp 343040 bytes executable
File C:\WINDOWS\system32\drivers\UACkyprqxblxmqlvbw.sys 52224 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\system32\UACbdftjsxgcqyorxy.log 4032 bytes
File C:\WINDOWS\system32\UACeatfqrvpuyhymit.dat 224 bytes
File C:\WINDOWS\system32\uacinit.dll 5584 bytes
File C:\WINDOWS\system32\UACmcniuaxieomeysi.dll 17408 bytes executable
File C:\WINDOWS\system32\UACqppcbodkslsguij.dll 19968 bytes executable
File C:\WINDOWS\system32\UACtkkwbthespwprrs.dll 19968 bytes executable
File C:\WINDOWS\system32\UACulbowipfwbjfxvm.dll 24064 bytes executable
File C:\WINDOWS\system32\UACxycmykmpjxbujev.dll 66560 bytes

---- EOF - GMER 1.0.15 ----

#10 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 May 2009 - 11:36 AM

Download the HostsXpert 3.7 - Hosts File Manager.
  • Unzip HostsXpert 3.7 - Hosts File Manager to a convenient folder such as C:\HostsXpert
  • Click HostsXpert.exe to Run HostsXpert 3.7 - Hosts File Manager from its new home
  • Click "Make Hosts Writable?" in the upper right corner (If available).
  • Click Restore Microsoft's Hosts file and then click OK.
  • Click the X to exit the program.
  • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Now go ahead and run Combofix and then post back here with the resulting log.
Posted Image If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#11 highfivester

highfivester
  • Topic Starter


Posted 17 May 2009 - 11:37 AM

Oops - already posted!

Translation
Det går inte att hitta sökvägen: Cannot find "path" (or source).

Trying to find the English equivalent...

#12 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 17 May 2009 - 11:50 AM

Ok, go ahead with the directions in my last post.

#13 highfivester

highfivester
  • Topic Starter


Posted 17 May 2009 - 01:33 PM

Ran everything and just got a message that Norman Antivirus was updated (tried to start a scan, which I was now able to!)

Combofix:

ComboFix 09-05-16.05 - Rana 2009-05-17 20:03.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.46.1053.18.511.132 [GMT 2:00]
Körs från: c:\documents and settings\Rana\Skrivbord\Comb.exe
AV: Norman Security Suite ver. 7.00 *On-access scanning disabled* (Outdated) {EB9EFB40-AE72-4C43-B204-0FCD0E92D5F1}
FW: Personal Firewall *disabled* {83B29CE9-9DE2-2CB5-9AB3-780D70FF12B0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Andra raderingar ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\NetworkService\Application Data\twain_32
c:\documents and settings\NetworkService\Application Data\twain_32\user.ds
c:\documents and settings\NetworkService\Application Data\wiaserva.log
c:\documents and settings\Rana\Application Data\wiaserva.log
c:\windows\system32\drivers\UACkyprqxblxmqlvbw.sys
c:\windows\system32\dz1.txt
c:\windows\system32\inform.dat
c:\windows\system32\kjs
c:\windows\system32\msliksurdns.dll
c:\windows\system32\p1.txt
c:\windows\system32\r24.txt
c:\windows\system32\tmp.reg
c:\windows\system32\UACbdftjsxgcqyorxy.log
c:\windows\system32\UACeatfqrvpuyhymit.dat
c:\windows\system32\UACeuwiaivakdyuous.log
c:\windows\system32\uacinit.dll
c:\windows\system32\UACmcniuaxieomeysi.dll
c:\windows\system32\UACqppcbodkslsguij.dll
c:\windows\system32\UACsxaeapiuodaurlc.log
c:\windows\system32\UACtkkwbthespwprrs.dll
c:\windows\system32\UACulbowipfwbjfxvm.dll
c:\windows\system32\UACxycmykmpjxbujev.dll

----- BITS: Troligen infekterade webbplatser -----

hxxp://sync.broadband.o2.co.uk:8080
.
((((((((((((((((((((((((((((((((((((((( Drivrutiner/Tjänster )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


(((((((((((((((((((((((( Filer Skapade från 2009-04-17 till 2009-05-17 ))))))))))))))))))))))))))))))
.

2009-05-17 18:07 . 2009-05-17 18:07 0 ----a-w c:\windows\system32\satau320.dll
2009-05-17 17:47 . 2009-05-17 17:48 -------- d-----w C:\32788R22FWJFW
2009-05-17 17:11 . 2009-05-17 17:11 -------- d-----w C:\rana
2009-05-17 17:00 . 2009-05-17 17:00 -------- d-----w C:\HostsXpert
2009-05-17 16:38 . 2009-05-17 16:38 -------- d-----w c:\program\Cobian Backup 9
2009-05-16 19:05 . 2009-05-16 19:05 -------- d-----w c:\program\Trend Micro
2009-05-16 12:45 . 2008-04-16 10:57 42552 ----a-w c:\windows\system32\drivers\ale_nf.sys
2009-05-16 12:45 . 2008-02-07 10:12 79752 ----a-w c:\windows\system32\drivers\ndis_rd.sys
2009-05-16 12:45 . 2008-02-07 10:12 74624 ----a-w c:\windows\system32\drivers\tdi_rd.sys
2009-05-16 12:45 . 2008-09-02 10:48 19512 ----a-w c:\windows\system32\drivers\nvcw32mf.sys
2009-05-16 12:45 . 2008-05-16 09:28 212024 ----a-w c:\windows\system32\nscrnsav.scr
2009-05-16 12:44 . 2009-05-17 18:00 -------- d-----w c:\program\Norman
2009-05-16 12:13 . 2009-05-16 12:13 -------- d-----w c:\documents and settings\NetworkService\Application Data\Malwarebytes
2009-05-16 10:15 . 2009-05-16 10:15 -------- d-----w c:\program\CCleaner
2009-05-16 10:09 . 2009-05-16 10:09 -------- d-----r c:\documents and settings\NetworkService\Favoriter
2009-05-16 09:54 . 2009-05-16 09:54 2 ---h--w c:\windows\sto453189.dat
2009-05-15 06:44 . 2009-05-15 06:44 -------- d-----w c:\documents and settings\Rana\Application Data\Malwarebytes
2009-05-14 23:19 . 2009-05-16 12:43 -------- d-----w c:\program\PC Tools AntiVirus
2009-05-14 22:58 . 2009-05-17 18:00 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-14 22:58 . 2009-03-03 10:19 12560 ----a-w c:\windows\system32\drivers\TfKbMon.sys
2009-05-14 22:58 . 2009-03-03 10:19 33040 ----a-w c:\windows\system32\drivers\TfNetMon.sys
2009-05-14 22:58 . 2009-03-03 10:19 39184 ----a-w c:\windows\system32\drivers\TfSysMon.sys
2009-05-14 22:58 . 2009-03-03 10:19 51472 ----a-w c:\windows\system32\drivers\TfFsMon.sys
2009-05-14 22:58 . 2009-05-16 12:43 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-14 22:58 . 2009-05-14 23:13 -------- d-----w c:\program\ThreatFire
2009-05-14 22:50 . 2009-05-15 06:44 -------- d-----w c:\program\test2
2009-05-14 19:31 . 2009-05-14 19:31 -------- d-----w c:\documents and settings\All Users\Application Data\SITEguard
2009-05-14 19:27 . 2009-05-14 19:27 -------- d-----w c:\program\Delade filer\iS3
2009-05-14 19:27 . 2009-05-16 00:33 -------- d-----w c:\documents and settings\All Users\Application Data\STOPzilla!
2009-05-14 19:10 . 2009-05-14 20:05 -------- d-----w c:\windows\system32\218538
2009-05-13 23:04 . 2009-05-15 23:50 -------- d-----w c:\program\test
2009-05-13 22:58 . 2009-05-13 22:58 -------- d-----w c:\program\Malwarebytes' Anti-Malware2
2009-05-13 22:51 . 2009-04-06 13:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-13 22:51 . 2009-04-06 13:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-13 22:51 . 2009-05-13 22:51 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-13 22:51 . 2009-05-13 22:51 -------- d-----w c:\program\Malwarebytes' Anti-Malware
2009-05-05 20:32 . 2009-05-05 20:32 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-05 20:32 . 2009-05-16 10:26 -------- d-----w c:\program\SUPERAntiSpyware
2009-05-05 20:32 . 2009-05-05 20:32 -------- d-----w c:\documents and settings\Rana\Application Data\SUPERAntiSpyware.com
2009-05-05 20:31 . 2009-05-05 20:31 -------- d-----w c:\program\Delade filer\Wise Installation Wizard
2009-05-05 19:57 . 2009-05-05 19:57 -------- d-----w c:\documents and settings\Administratör
2009-05-05 19:04 . 2009-05-05 21:20 -------- d-----w c:\documents and settings\Rana\SmitfraudFix
2009-05-05 00:05 . 2009-05-05 00:05 1 ----a-w c:\windows\z45ft5992f44.dat
2009-05-01 06:16 . 2009-05-01 06:16 -------- d-----w C:\spoolerlogs
2009-04-22 23:02 . 2009-04-22 23:02 -------- d-----w c:\documents and settings\LocalService\Application Data\Personal
2009-04-19 19:14 . 2009-04-19 19:14 -------- d-----w c:\documents and settings\Rana\Application Data\Personal

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 16:36 . 2006-07-18 10:48 -------- d-----w c:\program\Wfwin
2009-05-05 22:44 . 2005-08-16 11:06 388232 ----a-w c:\windows\system32\perfh01D.dat
2009-05-05 22:44 . 2005-08-16 11:06 64744 ----a-w c:\windows\system32\perfc01D.dat
2009-04-25 09:31 . 2009-04-25 09:31 49403 ----a-w c:\windows\system32\rn.tmp
2009-03-06 14:24 . 2005-08-16 11:06 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:16 . 2005-08-16 11:06 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 17:18 . 2005-08-16 11:06 78336 ----a-w c:\windows\system32\ieencode.dll
2005-02-26 21:27 . 2006-01-29 11:39 2540 ----a-w c:\program\Kolla.nfo
.

(((((((((((((((((((((((((((((((((( Startpunkter i registret )))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Not* Tomma poster & legitima standardposter visas inte.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"updateMgr"="c:\program\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2005-08-18 307200]
"DAEMON Tools"="c:\program\DAEMON Tools\daemon.exe" [2007-04-03 165784]
"LDM"="c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-11-20 67128]
"SUPERAntiSpyware"="c:\program\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]
"RegistryMechanic"="c:\program\Registry Mechanic\RegMech.exe" [2008-07-08 2828184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-06-28 344064]
"SynTPLpr"="c:\program\Synaptics\SynTP\SynTPLpr.exe" [2005-03-18 98393]
"SynTPEnh"="c:\program\Synaptics\SynTP\SynTPEnh.exe" [2005-03-18 688217]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RemoteControl"="c:\program\CyberLink\PowerDVD\PDVDServ.exe" [2005-04-15 45056]
"InstantOn"="c:\program files\CyberLink\PowerCinema Linux\ion_install.exe" [2005-05-11 93640]
"SunJavaUpdateSched"="c:\program\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"IntelliPoint"="c:\program\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"QuickTime Task"="c:\program\QuickTime\qttask.exe" [2006-03-29 155648]
"TkBellExe"="c:\program\Delade filer\Real\Update_OB\realsched.exe" [2006-03-31 180269]
"Net iD"="c:\windows\system32\iid.exe" [2007-03-15 67112]
"Acrobat Assistant 7.0"="c:\program\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"O2"="c:\program\O2\bin\sprtcmd.exe" [2008-03-28 198184]
"LogitechCommunicationsManager"="c:\program\Delade filer\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"PCSuiteTrayApplication"="c:\program\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 222208]
"ThreatFire"="c:\program\ThreatFire\TFTray.exe" [2009-03-03 263440]
"Norman ZANDA"="c:\program\Norman\Npm\Bin\ZLH.EXE" [2008-06-02 277616]
"NPCTray"="c:\program\Norman\npc\bin\npc_tray.exe" [2007-09-17 126008]
"Genväg till egenskapssida för High Definition Audio"="HDAShCut.exe" - c:\windows\system32\HdAShCut.exe [2005-01-07 61952]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-08-01 90112]
"AlcWzrd"="ALCWZRD.EXE" - c:\windows\ALCWZRD.EXE [2005-08-01 2803712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\program\DELADE~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 36040]
"PcSync"="c:\program\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 1634304]

c:\documents and settings\All Users\Start-meny\Program\Autostart\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-8-24 25214]
Adobe Reader Speed Launch.lnk - c:\program\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Logitech Desktop Messenger.lnk - c:\program\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-11-20 67128]
WordFinder Easy Reader.lnk - c:\program\Wfwin\WFReader.exe [2006-7-18 1769984]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableProfileQuota"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w c:\program\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program\\Messenger\\msmsgs.exe"=
"c:\\Program\\DC++\\DCPlusPlus.exe"=
"c:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program\\MSN Messenger\\livecall.exe"=
"c:\\Program\\Azureus\\Azureus.exe"=
"c:\\Program\\Spotify\\spotify.exe"=
"c:\\Program\\Skype\\Phone\\Skype.exe"=
"c:\\Program\\O2\\agent\\bin\\bcont.exe"=
"c:\\Program\\O2\\agent\\bin\\bcont_nm.exe"=
"c:\\Program\\O2\\bin\\wificfg.exe"=
"c:\\Program\\Delade filer\\SupportSoft\\bin\\ssrc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"443:TCP"= 443:TCP:*:Disabled:ooVoo TCP port 443
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443
"37674:TCP"= 37674:TCP:*:Disabled:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:*:Disabled:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:*:Disabled:ooVoo UDP port 37675

R0 NDIS_RD;Norman Firewall NDIS driver;c:\windows\system32\drivers\ndis_rd.sys [2009-05-16 79752]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-05-15 51472]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-05-15 39184]
R1 NPROSEC;Norman Security driver;c:\program\Norman\Ngs\Bin\nprosec.sys [2009-05-16 52792]
R1 SASDIFSV;SASDIFSV;c:\program\SUPERAntiSpyware\sasdifsv.sys [2009-04-28 9968]
R1 SASKUTIL;SASKUTIL;c:\program\SUPERAntiSpyware\SASKUTIL.SYS [2009-04-28 72944]
R1 TDI_RD;Norman Firewall TDI driver;c:\windows\system32\drivers\tdi_rd.sys [2009-05-16 74624]
R2 Ndiskio;Ndiskio;c:\program\Norman\Nse\Bin\Ndiskio.sys [2009-05-16 20448]
R2 NPFSvc32;Norman Personal Firewall Service;c:\program\Norman\Npf\Bin\npfsvc32.exe [2009-05-16 597104]
R2 NPROSECSVC;Norman Security service;c:\program\Norman\Ngs\Bin\nprosec.exe [2009-05-16 121912]
R2 NVOY;Norman's Very Own supplY of resources;c:\program\Norman\Npm\Bin\nvoy.exe [2009-05-16 121912]
R2 sprtsvc_O2;SupportSoft Sprocket Service (O2);c:\program\O2\bin\sprtsvc.exe [2007-06-07 202280]
R2 ThreatFire;ThreatFire;c:\program\ThreatFire\TFService.exe service --> c:\program\ThreatFire\TFService.exe service [?]
R2 WinDefend;Windows Defender;c:\program\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R3 NPC;Norman Parental Control;c:\program\Norman\Npc\Bin\npcsvc32.exe [2009-05-16 416880]
R3 nsesvc;Norman Scanner Engine Service;c:\program\Norman\Nse\Bin\Nsesvc.exe [2009-05-16 322616]
R3 NUAA;Norman User Activity Agent;c:\program\Norman\Npc\Bin\nuaa.exe [2009-05-16 117816]
R3 NvcMFlt;NvcMFlt;c:\windows\system32\drivers\nvcw32mf.sys [2009-05-16 19512]
R3 nvcoas;Norman Virus Control on-access component;c:\program\Norman\nvc\bin\Nvcoas.exe [2009-05-16 191544]
R3 NVCScheduler;Norman Virus Control Scheduler;c:\program\Norman\Npm\Bin\nvcsched.exe [2009-05-16 154680]
R3 Slazldrv;SmartLink AMR_PCI Driver;c:\windows\system32\drivers\SLDRV\slazldrv.sys [2005-08-16 230448]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-05-15 33040]
S2 jrwttm;jrwttm;c:\windows\system32\drivers\acwe.sys --> c:\windows\system32\drivers\acwe.sys [?]
S2 yucuiy;yucuiy;c:\windows\system32\drivers\aeljy.sys --> c:\windows\system32\drivers\aeljy.sys [?]
S3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [2006-08-21 223232]
S3 SASENUM;SASENUM;c:\program\SUPERAntiSpyware\SASENUM.SYS [2009-04-28 7408]

--- Övriga tjänster/drivrutiner i minnet ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{1A43B51D-2671-4bcc-89F0-9BC42DB29016}]
rundll32 fow64.dll,InitO
.
Innehållet i mappen 'Schemalagda aktiviteter':

2009-05-17 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]
.
- - - - FÖRÄLDRALÖSA POSTER SOM TAGITS BORT - - - -

HKCU-Run-ooVoo.exe - c:\program files\ooVoo\ooVoo.exe


.
------- Extra genomsökning -------
.
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
IE: Convert link target to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\program\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\program\Norman\npc\bin\nlf.dll
Trusted Zone: o2.co.uk\*.broadband
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Rana\Application Data\Mozilla\Firefox\Profiles\ijaz5xas.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.dn.se/
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 7171
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program\Mozilla Firefox\plugins\npiidplg.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 20:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LÅSTA REGISTERNYCKLAR ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLer som "laddats" under processer som körs ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\program\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
c:\program\ThreatFire\TFWAH.dll
c:\program\ThreatFire\TFNI.dll

- - - - - - - > 'lsass.exe'(984)
c:\program\ThreatFire\TFWAH.dll
.
Sluttid: 2009-05-17 20:12
ComboFix-quarantined-files.txt 2009-05-17 18:12

Före genomsökningen: 20 386 041 856 byte ledigt
Efter genomsökningen: 21 432 315 904 byte ledigt

WindowsXP-KB310994-SP2-Home-BootDisk-SVE.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

280 --- E O F --- 2009-05-14 19:59

#14 Buckeye_Sam

Buckeye_Sam

    Malware Expert



Posted 18 May 2009 - 11:25 AM

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back here in your next reply.


#15 highfivester

highfivester
  • Topic Starter


Posted 18 May 2009 - 02:15 PM

Hi and once again thanks for your help!


SDFix: Version 1.240
Run by Rana on 2009-05-18 at 20:56

Microsoft Windows XP [Version 5.1.2600]
Running Wrom: SKVFVWRK

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 21:04:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,1c,19,9d,ba,9e,cb,fe,b0,6e,49,06,ca,62,82,5d,91,81,22,8d,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fc,87,cc,01,8d,14,7d,ce,5c,f9,ef,61,e0,14,13,98,12,..
"khjeh"=hex:5a,d6,68,59,00,71,86,81,bd,6f,7e,3d,88,fc,e8,96,09,bb,b7,cf,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bb,ac,86,bb,f6,3f,6f,a5,bc,64,10,96,6f,b0,17,51,0a,a8,24,03,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,1c,19,9d,ba,9e,cb,fe,b0,6e,49,06,ca,62,82,5d,91,81,22,8d,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fc,87,cc,01,8d,14,7d,ce,5c,f9,ef,61,e0,14,13,98,12,..
"khjeh"=hex:5a,d6,68,59,00,71,86,81,bd,6f,7e,3d,88,fc,e8,96,09,bb,b7,cf,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bb,ac,86,bb,f6,3f,6f,a5,bc,64,10,96,6f,b0,17,51,0a,a8,24,03,9c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:49,1c,19,9d,ba,9e,cb,fe,b0,6e,49,06,ca,62,82,5d,91,81,22,8d,71,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,fc,87,cc,01,8d,14,7d,ce,5c,f9,ef,61,e0,14,13,98,12,..
"khjeh"=hex:5a,d6,68,59,00,71,86,81,bd,6f,7e,3d,88,fc,e8,96,09,bb,b7,cf,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:bb,ac,86,bb,f6,3f,6f,a5,bc,64,10,96,6f,b0,17,51,0a,a8,24,03,9c,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Messenger\\msmsgs.exe"="C:\\Program\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program\\DC++\\DCPlusPlus.exe"="C:\\Program\\DC++\\DCPlusPlus.exe:*:Enabled:DC++"
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program\\Azureus\\Azureus.exe"="C:\\Program\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program\\Spotify\\spotify.exe"="C:\\Program\\Spotify\\spotify.exe:*:Enabled:Spotify"
"C:\\Program\\Skype\\Phone\\Skype.exe"="C:\\Program\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program\\O2\\agent\\bin\\bcont.exe"="C:\\Program\\O2\\agent\\bin\\bcont.exe:*:Disabled:bcont.exe"
"C:\\Program\\O2\\agent\\bin\\bcont_nm.exe"="C:\\Program\\O2\\agent\\bin\\bcont_nm.exe:*:Disabled:bcont_nm.exe"
"C:\\Program\\O2\\bin\\wificfg.exe"="C:\\Program\\O2\\bin\\wificfg.exe:*:Disabled:sprtcmd.exe"
"C:\\Program\\Delade filer\\SupportSoft\\bin\\ssrc.exe"="C:\\Program\\Delade filer\\SupportSoft\\bin\\ssrc.exe:*:Disabled:ssrc.exe"
"C:\\Program\\Mozilla Firefox\\firefox.exe"="C:\\Program\\Mozilla Firefox\\firefox.exe:*:Enabled:Mozilla Firefox"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program\\MSN Messenger\\msnmsgr.exe"="C:\\Program\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program\\MSN Messenger\\livecall.exe"="C:\\Program\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files :



Files with Hidden Attributes :

Fri 3 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sun 5 Mar 2006 1,227,776 ...H. --- "C:\Documents and Settings\Rana\Application Data\Microsoft\Word\~WRL0578.tmp"

Finished!



