
Need help


  • This topic is locked
4 replies to this topic

#1 rippingmyhairout


Posted 11 July 2010 - 09:56 PM

I'm really clueless about computers so all help must be given as if you're explaining to the average 5 yr old ;) I apologize for the length but I don't know if I should shorten it

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:52:16 PM, on 7/11/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe,
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1150600.exe -Update -1150600 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US;_rv:1.9.1.9)_Gecko/20100315__Firefox_799802247703_969909487803__(.NET_CLR" -"http://pbskids.org/dragontales/treasurehunt/treasurehunt_que.html"
O4 - Startup: sisytj32.exe
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1235169340871
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6947 bytes




#2 rippingmyhairout


Posted 12 July 2010 - 01:39 AM

Read through some responses, thought I should mention that I've already done a scan with Malwarebytes, and downloaded the GMER log.
Here are the results of the scan: (will finish step 3 tomorrow night)

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-12 02:27:00
Windows 5.1.2600 Service Pack 3
Running: qey8o8h4.exe; Driver: C:\DOCUME~1\Nathan\LOCALS~1\Temp\uwryqpod.sys


---- System - GMER 1.0.15 ----

SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF843ECDE]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF843EED0]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF845E640]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF845E8F4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF845CB44]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF845ED60]

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 150 804E27BC 4 Bytes CALL 03F92006

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[492] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\csrss.exe[492] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014F0001
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[516] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\winlogon.exe[516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 017D0001
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[560] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\services.exe[560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A50001
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[572] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\lsass.exe[572] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B90001
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[724] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[724] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01080001
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[740] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[812] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[812] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E40001
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\svchost.exe[880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 023E0001
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[916] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[916] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\Ati2evxx.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01080001
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1080] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1080] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1164] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1164] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CA0001
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[1256] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\spoolsv.exe[1256] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D00001
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1368] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1368] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00920001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1400] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Java\jre6\bin\jqs.exe[1472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 012A0001
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe[1516] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 25FC0001
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[1552] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\System32\alg.exe[1552] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00840001
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Spyware Doctor\pctsAuxs.exe[1588] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00730001
.text C:\Program Files\Spyware Doctor\pctsSvc.exe[1644] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BC05 C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe[1800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 014A0001
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00640001
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[1864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1880] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\svchost.exe[1880] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Documents and Settings\Nathan\My Documents\Downloads\qey8o8h4.exe[1964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003A0001
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01020001
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
.text C:\Program Files\Spyware Doctor\pctsTray.exe[3412] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044B8D9 C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools Tray Application/PC Tools)
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtQueryDirectoryFile + 6 7C90D774 4 Bytes [90, 61, D7, 00]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[3576] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\Explorer.EXE[3576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D60001
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3932] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\WINDOWS\system32\ctfmon.exe[3932] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AD0001
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [05, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [0B, 5F]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 013F0001

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[3248] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

---- Devices - GMER 1.0.15 ----

Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Nathan\My Documents\My Music\BearShare\- Hips Don't Lie (DJ Yan Relaunch Mix 2006) VA ACID TECHNO HARDCORE TRANCE HARDSTYLE DEEP REGAETON REGAE RNB BLACK HOUSE CLUB 2006 2007 2008 2009 2010.mp3\Shakira Live & Off The Record (Live In Rotterdam) Disc 2\09 Shakira & Wyclef - Hips Don't Lie (DJ Yan Relaunch Mix 2006) VA ACID TECHNO HARDCORE TRANCE HARDSTYLE DEEP REGAETON REGAE RNB BLACK HOUSE CLUB 2006 2007 2008 2009 2010.wma 4230948 bytes

---- EOF - GMER 1.0.15 ----


#3 rippingmyhairout

Posted 12 July 2010 - 06:28 PM

ok, I'll try to be patient, after all the advice is free... I am unable to log into the admin account now, got the message that windows cannot find the local profile blah blah blah and logged me into a temp file for the time being.. I apologize if this is the wrong thread to be asking this question but I would really appreciate some advice on how to fix this computer

guess I should add what problems I was having *headdesk* it started with my computer lagging so bad it would prevent me from accessing the internet, but it wasn't consistent. Then I couldn't pull up my task manager to see what processes were to blame. Finally I started getting messages about my virtual memory being too low and being increased automatically.. now I can't get into the admin profile some days

Edited by rippingmyhairout, 12 July 2010 - 06:41 PM.


#4 rippingmyhairout

Posted 15 July 2010 - 12:24 AM

lock topic please

#5 Blade

  • Site Admin
Posted 15 July 2010 - 04:55 PM

Topic Closed upon OP request.

~Blade
