Malware removal


2 replies to this topic

brenm2

Posted 19 January 2011 - 07:12 AM

Hi, I'm trying to fix this PC for a friend of mine without any luck so far. I've scanned it with Malwarebytes, which found 1800 infections, and Webroot, which found 11 infections, but the PC is still very slow and I'm sure there's still some malware on it.

I would really appreciate any help you guys can give me.

Here are the scans.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Michelle at 2:10:42.09 on 19/01/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.41 [GMT 0:00]

AV: Spyware Doctor with AntiVirus *Enabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Webroot Internet Security Complete *Enabled/Updated* {77E10C7F-2CCA-4187-9394-BDBC267AD597}
FW: Webroot Internet Security Complete *Enabled*

============== Running Processes ===============

C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Webroot\Security\Current\plugins\antispam\wrhkisvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE
C:\Program Files\Webroot\Security\current\plugins\antimalware\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Michelle\Local Settings\Temporary Internet Files\Content.IE5\WOJKEM9D\dds[1].scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.eircom.net/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\bho\alotBHO.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMov1.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - c:\program files\webroot\security\current\products\wisc\toolbar\LPBar.dll
BHO: WebrootBHO Class: {d93ec24d-8741-4d41-b83d-a5793b998416} - c:\program files\webroot\security\current\plugins\browserextension\WebrootBHO.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: MovieBario Toolbar: {58beca16-cae6-4b7a-a0e8-153d0cbba63a} - c:\program files\moviebario\tbMov1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - c:\program files\webroot\security\current\products\wisc\toolbar\LPBar.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
uRun: [ctfmon.exe] "c:\windows\system32\ctfmon.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [hpWirelessAssistant] "c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe"
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [SynTPLpr] "c:\program files\synaptics\syntp\SynTPLpr.exe"
mRun: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun: [LSBWatcher] "c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe"
mRun: [Cpqset] "c:\program files\hpq\default settings\cpqset.exe"
mRun: [hpqSRMon]
mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [ISTray] "c:\program files\pc tools security\pctsGui.exe" /hideGUI
mRun: [WebrootTrayApp] "c:\program files\webroot\security\current\framework\WRTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\michelle\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {727927F2-7064-49CA-BDAA-CE1BAF52782B} - hxxp://www.carzone.ie/ie-ola/jsp/photos/TraderMediaPhotoUploader.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5739/mcfscan.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michelle\applic~1\mozilla\firefox\profiles\3uj5mfjx.default\
FF - prefs.js: browser.search.selectedEngine - Google.co.uk
FF - prefs.js: browser.startup.homepage - hxxp://www.eircom.net/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-1-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-1-17 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-1-17 656320]
R0 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2010-10-3 59240]
R1 pwipf6;pwipf6;c:\windows\system32\drivers\pwipf6.sys [2011-1-18 119112]
R1 RapportCerberus_19917;RapportCerberus_19917;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\19917\RapportCerberus_19917.sys [2010-10-3 34792]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-10-3 169320]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-7-3 90112]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-10-3 767208]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-1-17 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-1-17 1150936]
R2 SSFMONM;Spy Sweeper File System Filter Driver;c:\windows\system32\drivers\ssfmonm.sys [2011-1-18 45072]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;c:\program files\webroot\security\current\plugins\antimalware\AEI.exe [2011-1-18 3888696]
R2 WRConsumerService;Webroot Client Service;c:\program files\webroot\security\current\framework\WRConsumerService.exe [2011-1-18 3275112]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-7-3 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-4 135664]
S3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\drivers\ewusbfake.sys [2011-1-17 103168]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2009-6-1 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2009-6-1 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2009-6-1 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2009-6-1 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2009-6-1 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2009-6-1 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2009-6-1 117672]

=============== Created Last 30 ================

2011-01-19 01:21:37 388096 ----a-r- c:\docume~1\michelle\applic~1\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-01-19 01:21:17 -------- d-----w- c:\program files\Trend Micro
2011-01-19 00:58:55 -------- d-----w- c:\docume~1\michelle\locals~1\applic~1\Webroot
2011-01-19 00:58:25 -------- d-----w- c:\docume~1\michelle\applic~1\webroot
2011-01-18 10:52:10 45072 ----a-w- c:\windows\system32\drivers\ssfmonm.sys
2011-01-18 10:52:10 24496 ----a-w- c:\windows\system32\drivers\sshrmd.sys
2011-01-18 10:52:10 182056 ----a-w- c:\windows\system32\drivers\ssidrv.sys
2011-01-18 10:51:47 119112 ----a-w- c:\windows\system32\drivers\pwipf6.sys
2011-01-18 10:47:57 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{346564C3-1CD0-440B-AE7A-F644B66D2026}
2011-01-18 10:46:46 -------- d-----w- c:\program files\Webroot
2011-01-18 10:45:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Webroot
2011-01-18 10:45:17 -------- d-----w- c:\docume~1\michelle\locals~1\applic~1\PackageAware
2011-01-18 00:18:33 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-01-18 00:13:33 -------- d-----w- c:\docume~1\michelle\locals~1\applic~1\Sunbelt Software
2011-01-18 00:11:30 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\~0
2011-01-17 23:36:22 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-01-17 23:36:22 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-01-17 23:36:20 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-01-17 23:35:51 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-01-17 23:35:51 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-01-17 23:34:47 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-01-17 23:33:42 -------- d-----w- c:\program files\common files\PC Tools
2011-01-17 23:33:41 -------- d-----w- c:\program files\PC Tools Security
2011-01-17 23:33:41 -------- d-----w- c:\docume~1\michelle\applic~1\PC Tools
2011-01-17 23:33:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-01-17 20:21:08 -------- d-----w- c:\docume~1\michelle\applic~1\Malwarebytes
2011-01-17 20:20:50 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-17 20:20:49 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2011-01-17 20:20:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-17 20:20:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-17 20:10:49 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-01-17 20:10:49 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-01-17 20:10:49 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-01-17 20:10:49 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-01-17 20:10:49 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys

==================== Find3M ====================

2010-12-15 15:40:36 0 ----a-w- c:\windows\system32\Z_VolPMA.dll
2010-11-23 00:14:29 518 ---ha-w- C:\os992793.bin
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-09 14:52:35 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2009-07-06 23:18:50 836464 ----a-w- c:\program files\cardrecovery_setup.exe

============= FINISH: 2:16:24.06 ===============





And GMER:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-19 12:06:19
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 ST9808211A rev.3.02
Running: gmer.exe; Driver: C:\DOCUME~1\Michelle\LOCALS~1\Temp\awddafob.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwAdjustPrivilegesToken [0xEEDC90C0]
SSDT 82F775F0 ZwAllocateVirtualMemory
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xEECE9FE4]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwConnectPort [0xEEDCA970]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xEECEA996]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF83336FA]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreatePort [0xEEDCAC90]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF8311F68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF8312230]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwCreateSection [0xEEDCAEF0]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\19917\RapportCerberus_19917.sys (RapportCerberus/Trusteer Ltd.) ZwCreateThread [0xF8959864]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDebugActiveProcess [0xEEDC8820]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xEECEAAF6]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF83340B4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF833443E]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwDuplicateObject [0xEEDC8930]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xEECEE500]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xEECEAA5A]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF8332938]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xEECEA128]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwOpenSection [0xEEDC83A0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xEECEA31A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xEECEA44C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xEECEE476]
SSDT 82F77668 ZwQueueApcThread
SSDT 82F77500 ZwReadVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF8334982]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xEECEE412]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xEECEE444]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwResumeThread [0xEEDCA3F0]
SSDT \SystemRoot\system32\drivers\pwipf6.sys (pwipf6/Privacyware/PWI, Inc.) ZwSecureConnectPort [0xEEDCAB00]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xEECE9F8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xEECEAB56]
SSDT 82F780A8 ZwSetInformationKey
SSDT 82F779B0 ZwSetInformationProcess
SSDT 82F777D0 ZwSetInformationThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF8333AB8]
SSDT 82F77938 ZwSuspendProcess
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xEECE9F26]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF83119D8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xEECE9EC2]
SSDT 82F77578 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 243C 80501C74 12 Bytes [90, AC, DC, EE, 68, 1F, 31, ...] {NOP ; LODSB ; FSUB ST(6), ST; PUSH 0x30f8311f; AND DH, [ECX]; CLC }
init C:\WINDOWS\system32\drivers\tifm21.sys entry point in "init" section [0xF746C8BF]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\spoolsv.exe[240] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\spoolsv.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A90001
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[292] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A10001
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[480] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[480] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[536] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01950001
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A3, 71]
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\svchost.exe[720] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006B0001
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\alg.exe[732] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9D, 71]
.text C:\WINDOWS\System32\alg.exe[732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[772] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\Explorer.EXE[772] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01750001
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[860] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007D0001
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9E, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9B, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C40001
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\csrss.exe[876] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\csrss.exe[876] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\winlogon.exe[912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\winlogon.exe[912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01700001
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\services.exe[960] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\services.exe[960] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00ED0001
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\lsass.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\lsass.exe[972] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 02C07420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71510022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71450022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71570022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E215501 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71620022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71480022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71540022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 714E0022
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 71650022
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 71180022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 6 Bytes PUSH 71420022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 712A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71270022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 71300022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71120022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71390022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71150022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71210022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetWriteFile 3D9A608E 6 Bytes PUSH 710F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 71360022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!HttpSendRequestExW 3D9BA6BF 6 Bytes PUSH 71330022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] WININET.dll!InternetGetCookieA 3D9BBD44 6 Bytes PUSH 71240022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ws2_32.dll!getaddrinfo 00A12A6F 5 Bytes JMP 71040022
.text C:\Program Files\Internet Explorer\iexplore.exe[1088] ws2_32.dll!connect 00A14A07 5 Bytes JMP 71080022
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe[1132] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B30001
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[1200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00B60001
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1232] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1232] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EC0001
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1312] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9B, 71]
.text C:\WINDOWS\system32\svchost.exe[1312] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1356] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00414C10 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1356] USER32.dll!GetGUIThreadInfo + FB 7E428023 6 Bytes JMP 716E001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1356] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71650022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1356] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 71680022
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A4, 71]
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9E, 71]
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[1504] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9B, 71]
.text C:\WINDOWS\System32\svchost.exe[1504] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 02B30001
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1560] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00650001
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1704] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\WINDOWS\system32\svchost.exe[1704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00CB0001
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\HPQ\SHARED\HPQWMI.exe[1744] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00640001
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1912] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\svchost.exe[1912] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E10001
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [9F, 71]
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\svchost.exe[1988] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [9C, 71]
.text C:\WINDOWS\system32\svchost.exe[1988] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C40001
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe[2020] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe[2056] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003D0001
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe[2076] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A3, 71]
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\svchost.exe[2112] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A0, 71]
.text C:\WINDOWS\System32\svchost.exe[2112] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 006B0001
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AD, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A7, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A4, 71]
.text C:\Program Files\PC Tools Security\pctsAuxs.exe[2172] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00740001
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A4, 71]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A1, 71]
.text C:\PROGRA~1\Webroot\Security\Current\plugins\cleanup\WRCLEA~1.EXE[2192] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 007F0001
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe[2200] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BB0001
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [A9, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A3, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A0, 71]
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 064F0001
.text C:\Program Files\PC Tools Security\pctsSvc.exe[2296] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtCreateSection 7C90D17E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtCreateSection + 4 7C90D182 2 Bytes [AE, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtTerminateProcess 7C90DE6E 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtTerminateProcess + 4 7C90DE72 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!NtWriteVirtualMemory + 4 7C90DFB2 2 Bytes [A5, 71]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 01FE7420 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ntdll.dll!LdrLoadDll + 1 7C9163C4 5 Bytes [22, 00, 68, 71, C3]
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] kernel32.dll!LoadLibraryExW 7C801AF5 5 Bytes JMP 716B0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 009D0001
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 6 Bytes PUSH 71500022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71440022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!RegisterClassW 7E41A39A 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 716E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!CreateDialogParamW 7E41EA3B 5 Bytes JMP 052E4D20 C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!DdeInitializeW 7E4206D7 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 052E4EA0 C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9AE9 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD145 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB44 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E254696 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!RegisterClassA 7E42EA5E 6 Bytes PUSH 71610022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!GetClipboardData 7E430DBA 6 Bytes PUSH 71470022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E4FEF C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E4F21 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E4F8C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E4DF2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E4E54 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E5052 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 052E44A0 C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E4EB6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] USER32.dll!TrackPopupMenuEx 7E46CF62 5 Bytes JMP 052E4600 C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Toolbar/Conduit Ltd.)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 71530022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ole32.dll!CoCreateInstanceEx 774FF154 5 Bytes JMP 714D0022
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDBA0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5370 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WS2_32.dll!getaddrinfo 00F02A6F 5 Bytes JMP 71030022
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WS2_32.dll!connect 00F04A07 5 Bytes JMP 71070022
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetCloseHandle 3D949088 6 Bytes PUSH 712C0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetQueryDataAvailable 3D94BF83 6 Bytes PUSH 71170022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpAddRequestHeadersA 3D94CF4E 6 Bytes PUSH 71410022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpOpenRequestA 3D94D508 6 Bytes PUSH 713E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetConnectA 3D94DEAE 6 Bytes PUSH 71290022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetConnectW 3D94F862 6 Bytes PUSH 71260022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpSendRequestW 3D94FABE 6 Bytes PUSH 712F0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpOpenRequestW 3D94FBFB 6 Bytes PUSH 713B0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetOpenA 3D95D690 6 Bytes PUSH 711D0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetOpenW 3D95DB09 6 Bytes PUSH 711A0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetSetStatusCallback 3D95DCC8 6 Bytes PUSH 71110022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpSendRequestA 3D95EE89 6 Bytes PUSH 71380022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetReadFileExA 3D963381 6 Bytes PUSH 71140022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetGetCookieExA 3D964BD0 6 Bytes PUSH 71200022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!InternetWriteFile 3D9A608E 6 Bytes PUSH 710E0022; RET
.text C:\Program Files\Internet Explorer\iexplore.exe[2316] WININET.dll!HttpSendRequestExA 3D9BA666 6 Bytes PUSH 71350022; RET

Thanks again.


#2 brenm2


Posted 20 January 2011 - 05:50 AM

FYI, after looking at the volume of posts you guys get looking for help, I decided to format the PC and reinstall Windows.
Thanks anyway.

Brenm2

#3 Budapest


  • Moderator

Posted 20 January 2011 - 04:15 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



