[RESOLVED] Trying to remove "Antimalware", can't enter Safe Mode - Page 2

  1. #1 (Join Date: Oct 2001, Posts: 352)
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA30F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F8E0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F8B0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA00F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5F9A0F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F910F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F880F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [98, 5F] {CWDE ; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F850F5A
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[2372] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [95, 5F] {XCHG EBP, EAX; POP EDI}
    .text C:\WINDOWS\Explorer.EXE[2372] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\WINDOWS\Explorer.EXE[2372] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [6B, 5F]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}

  2. #2 (Join Date: Oct 2001, Posts: 352)
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Program Files\Dell\Media Experience\DMXLauncher.exe[2536] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [6B, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A

  3. #3 (Join Date: Oct 2001, Posts: 352)
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe[2764] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe[2960] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]

  4. #4
    Join Date
    Oct 2001
    Posts
    352

  5. #5
    Join Date
    Oct 2001
    Posts
    352

  6. #6
    Join Date
    Oct 2001
    Posts
    352
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A

  7. #7
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe[3836] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [6B, 5F]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe[4092] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtClose 7C90CFEE 3 Bytes [FF, 25, 1E]

  8. #8
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtClose + 4 7C90CFF2 2 Bytes [4D, 5F] {DEC EBP; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtCreateFile 7C90D0AE 1 Byte [FF]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtCreateFile 7C90D0AE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtCreateFile + 4 7C90D0B2 2 Bytes [6E, 5F] {OUTSB ; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [50, 5F] {PUSH EAX; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteFile 7C90D23E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteFile + 4 7C90D242 2 Bytes [71, 5F] {JNO 0x61}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteKey 7C90D24E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteKey + 4 7C90D252 2 Bytes [53, 5F] {PUSH EBX; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteValueKey 7C90D26E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDeleteValueKey + 4 7C90D272 2 Bytes [56, 5F] {PUSH ESI; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDuplicateObject 7C90D29E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtDuplicateObject + 4 7C90D2A2 2 Bytes [59, 5F] {POP ECX; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtEnumerateKey 7C90D2CE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtEnumerateKey + 4 7C90D2D2 2 Bytes [5C, 5F] {POP ESP; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtEnumerateValueKey 7C90D2EE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtEnumerateValueKey + 4 7C90D2F2 2 Bytes [5F, 5F] {POP EDI; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtOpenFile 7C90D59E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtOpenFile + 4 7C90D5A2 2 Bytes [74, 5F] {JZ 0x61}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtQueryMultipleValueKey 7C90D86E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtQueryMultipleValueKey + 4 7C90D872 2 Bytes [62, 5F]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtQueryValueKey 7C90D96E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtQueryValueKey + 4 7C90D972 2 Bytes [65, 5F]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtReadFile 7C90D9CE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtReadFile + 4 7C90D9D2 2 Bytes [77, 5F] {JA 0x61}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtSetInformationFile 7C90DC5E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtSetInformationFile + 4 7C90DC62 2 Bytes [7A, 5F] {JP 0x61}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [68, 5F]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtUnloadKey 7C90DECE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtUnloadKey + 4 7C90DED2 2 Bytes [6B, 5F]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtWriteFile 7C90DF7E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!NtWriteFile + 4 7C90DF82 2 Bytes [7D, 5F] {JGE 0x61}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!LdrLoadDll 7C9163C3 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ntdll.dll!LdrLoadDll + 4 7C9163C7 2 Bytes [4A, 5F] {DEC EDX; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!TerminateProcess 7C801E1A 6 Bytes JMP 5F310F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!WriteProcessMemory 7C802213 6 Bytes JMP 5F370F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CreateFileMappingW 7C80943C 6 Bytes JMP 5F3D0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!MapViewOfFileEx 7C80B936 6 Bytes JMP 5F340F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CreateRemoteThread 7C8104CC 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CreateRemoteThread + 4 7C8104D0 2 Bytes [41, 5F] {INC ECX; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CreateProcessInternalW 7C8197B0 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CreateProcessInternalW + 4 7C8197B4 2 Bytes [47, 5F] {INC EDI; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!MoveFileWithProgressW 7C81F72E 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!MoveFileWithProgressW + 4 7C81F732 2 Bytes [44, 5F] {INC ESP; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] kernel32.dll!CopyFileExW 7C827B32 6 Bytes JMP 5F3A0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!DispatchMessageW 7E418A01 6 Bytes JMP 5FA90F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!TranslateMessage 7E418BF6 6 Bytes JMP 5F940F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!DispatchMessageA 7E4196B8 6 Bytes JMP 5F910F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!CreateAcceleratorTableW 7E41D9BB 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!CreateAcceleratorTableW + 4 7E41D9BF 2 Bytes [A4, 5F] {MOVSB ; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!SetWindowsHookExW 7E42820F 6 Bytes JMP 5FA60F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!GetKeyState 7E429ED9 6 Bytes JMP 5FA00F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!GetAsyncKeyState 7E42A78F 6 Bytes JMP 5F970F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!BeginDeferWindowPos 7E42AFB9 6 Bytes JMP 5F8E0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!GetKeyboardState 7E42D226 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!GetKeyboardState + 4 7E42D22A 2 Bytes [9E, 5F] {SAHF ; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!SetWindowsHookExA 7E431211 6 Bytes JMP 5F8B0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!AttachThreadInput 7E431E52 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] USER32.dll!AttachThreadInput + 4 7E431E56 2 Bytes [9B, 5F] {WAIT ; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!CloseServiceHandle 77DE6CE5 6 Bytes JMP 5F100F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!OpenServiceW 77DE6FFD 6 Bytes JMP 5F220F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!StartServiceA 77DEFB58 6 Bytes JMP 5F250F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!StartServiceW 77DF3E94 6 Bytes JMP 5F280F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ControlService 77DF4A09 6 Bytes JMP 5F130F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!OpenServiceA 77DF4C66 6 Bytes JMP 5F1F0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!LsaAddAccountRights 77E1ABF1 6 Bytes JMP 5F2B0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!LsaRemoveAccountRights 77E1AC91 6 Bytes JMP 5F2E0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ChangeServiceConfigA 77E36E69 6 Bytes JMP 5F040F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ChangeServiceConfigW 77E37001 6 Bytes JMP 5F070F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ChangeServiceConfig2A 77E37101 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ChangeServiceConfig2W 77E37189 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!ChangeServiceConfig2W + 4 77E3718D 2 Bytes [0E, 5F] {PUSH CS; POP EDI}
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F160F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F190F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ADVAPI32.dll!DeleteService 77E374B1 6 Bytes JMP 5F1C0F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ole32.dll!CoCreateInstanceEx 77500526 6 Bytes JMP 5F880F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ole32.dll!CoGetClassObject 775156C5 6 Bytes JMP 5F850F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ole32.dll!CLSIDFromProgID 775187F2 6 Bytes JMP 5F820F5A
    .text C:\Documents and Settings\Jane Bower\Desktop\4mg2kcxk.exe[4384] ole32.dll!CLSIDFromProgIDEx 7755620D 6 Bytes JMP 5F7F0F5A

  9. #9
    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Software)


    AttachedDevice \FileSystem\Ntfs \Ntfs pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)
    AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
    AttachedDevice \Driver\Tcpip \Device\Ip NETFLTDI.SYS (Panda TDI Filter/Panda Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
    AttachedDevice \Driver\Tcpip \Device\Udp NETFLTDI.SYS (Panda TDI Filter/Panda Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp NETFLTDI.SYS (Panda TDI Filter/Panda Software)

    Device \FileSystem\Fastfat \Fat ShlDrv51.sys (PandaShield driver/Panda Software)
    Device \FileSystem\Fastfat \Fat B8AA97B4

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat pavdrv51.sys (Antivirus Filter Driver for Windows XP/2003 x86/Panda Software International)
    AttachedDevice \FileSystem\Fastfat \Fat av5flt.sys

    Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
    Device -> \Driver\iastor \Device\Harddisk0\DR0 86F2B2F6

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}
    Reg HKLM\SOFTWARE\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}@WHRUBFTNUT3JMXQXKMKSXOBADA1 0x01 0x00 0x01 0x00 ...

    ---- EOF - GMER 1.0.15 ----

  10. #10
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:41:40 PM, on 11/18/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061101
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164155393781
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

    --
    End of file - 10810 bytes

  11. #11
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE. If Combofix asks you to install Recovery Console, please allow it.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

  12. #12
    Join Date
    Oct 2001
    Posts
    352
    Here's the new Combofix log. Incidentally, after running it and restarting the PC, I was finally able to get Malwarebytes and SUPER Antispyware through Panda's firewall for updating:


    ComboFix 09-11-20.01 - Jane Bower 11/20/2009 10:11.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.596 [GMT -8:00]
    Running from: c:\documents and settings\Jane Bower\Desktop\ComboFix.exe
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
    FW: Panda Internet Security 2008 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\kb913800.exe
    c:\windows\system32\drivers\pciide.sys

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
    .

    2009-11-19 00:41 . 2009-11-19 00:41 -------- d-----w- c:\program files\Trend Micro
    2009-11-18 22:20 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-18 22:20 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-18 22:10 . 2009-11-18 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-18 19:37 . 2009-11-18 19:37 117760 ----a-w- c:\documents and settings\Jane Bower\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\documents and settings\Jane Bower\Application Data\SUPERAntiSpyware.com
    2009-11-18 13:29 . 2009-11-18 13:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-20 18:31 . 2007-11-20 02:22 345480 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-11-20 18:31 . 2007-11-20 02:22 1244 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-11-20 18:31 . 2006-11-12 03:04 345480 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
    2009-11-20 18:31 . 2006-11-12 03:04 1244 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
    2009-11-19 20:30 . 2007-08-12 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-18 23:53 . 2006-11-01 16:42 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-11-18 19:36 . 2007-08-16 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-16 10:01 . 2006-11-01 17:10 -------- d-----w- c:\program files\Microsoft Works
    2009-10-03 18:57 . 2009-10-02 02:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2005-08-16 10:18 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2008-08-30 21:53 . 2007-08-30 23:48 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-10-27 16:34 . 2007-08-07 17:32 88 --sh--r- c:\windows\system32\940D167E79.sys
    2007-10-27 16:36 . 2007-08-07 17:32 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
    "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
    "SCANINICIO"="c:\program files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-07-11 27952]
    "APVXDWIN"="c:\program files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" [2007-07-24 406832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-01 98304]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-11-3 1078]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-16 04:02 50736 ----a-w- c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "110:TCP"= 110:TCP:svchost

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [11/11/2006 7:04 PM 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [11/11/2006 7:04 PM 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [11/11/2006 7:04 PM 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [11/11/2006 7:04 PM 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\netfltdi.sys [11/11/2006 7:04 PM 132920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [11/19/2007 6:08 PM 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [11/11/2006 7:04 PM 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [11/11/2006 7:04 PM 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [11/11/2006 7:04 PM 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [11/11/2006 6:52 PM 178872]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [11/19/2007 6:11 PM 142128]
    R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/1/2006 9:08 AM 29744]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
    S3 sdthook;sdthook;\??\c:\windows\system32\drivers\sdthook.sys --> c:\windows\system32\drivers\sdthook.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CLASSPNP_2
    *Deregistered* - CLASSPNP_2
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-20 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:80
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\panda software\panda internet security 2007\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Jane Bower\Application Data\Mozilla\Firefox\Profiles\8cop1c9s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .
    .
    ------- File Associations -------
    .
    JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
    VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
    VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-20 10:29
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x871242F6]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7543f28
    \Driver\ACPI -> ACPI.sys @ 0xf73d6cb8
    \Driver\iaStor -> iastor.sys @ 0xf72cbf80
    IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf71bfbb0
    PacketIndicateHandler -> NDIS.sys @ 0xf71cca21
    SendHandler -> NDIS.sys @ 0xf71aa87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}*]
    "WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c,
    b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1120)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'lsass.exe'(1184)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'Explorer.exe'(7060)
    c:\windows\system32\WININET.dll
    c:\program files\Panda Software\Panda Internet Security 2007\pavoepl.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
    c:\program files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    c:\program files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    c:\program files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
    c:\program files\NETGEAR\WG311v3\wlancfg5.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\WebProxy.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-20 10:36 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-20 18:36

    Pre-Run: 137,819,525,120 bytes free
    Post-Run: 138,168,979,456 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

    - - End Of File - - 115EB8DA65E9802C7E767185241CB924

  13. #13
    Join Date
    Oct 2001
    Posts
    352
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:52:02 AM, on 11/20/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\NETGEAR\WG311v3\WinDomainlogon.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    C:\Program Files\Panda Software\Panda Internet Security 2007\WebProxy.exe
    C:\Program Files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    C:\WINDOWS\Explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&...us&ibd=5061101
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:80
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
    O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Software\Panda Internet Security 2007\Inicio.exe"
    O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
    O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164155393781
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: Intel(R) Quick Resume technology (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
    O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\Panda Internet Security 2007\TPSrv.exe

    --
    End of file - 10271 bytes

  14. #14
    Join Date
    Dec 2007
    Location
    Daly City, CA
    Posts
    22,550
    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.


    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    KillAll::
    
    File::
    c:\windows\system32\940D167E79.sys
    
    mbr::
    
    Folder::
    
    Driver::
    
    Registry::
    
    RegLockDel::

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
    • A new HijackThis log.

  15. #15
    Join Date
    Oct 2001
    Posts
    352
    This time after Combofix finished running after the reboot, I started getting warnings from Panda about every 2 seconds about an attempted hijack for a few minutes.


    ComboFix 09-11-20.01 - Jane Bower 11/20/2009 19:41.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.605 [GMT -8:00]
    Running from: c:\documents and settings\Jane Bower\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jane Bower\Desktop\CFScript.txt
    AV: Panda Internet Security 2008 *On-access scanning disabled* (Outdated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
    FW: Panda Internet Security 2008 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

    FILE ::
    "c:\windows\system32\940D167E79.sys"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\940D167E79.sys

    .
    ((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
    .

    2009-11-19 00:41 . 2009-11-19 00:41 -------- d-----w- c:\program files\Trend Micro
    2009-11-18 22:20 . 2009-09-10 22:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-18 22:20 . 2009-09-10 22:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-18 22:10 . 2009-11-18 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-18 19:37 . 2009-11-20 18:57 117760 ----a-w- c:\documents and settings\Jane Bower\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\program files\SUPERAntiSpyware
    2009-11-18 19:37 . 2009-11-18 19:37 -------- d-----w- c:\documents and settings\Jane Bower\Application Data\SUPERAntiSpyware.com
    2009-11-18 13:29 . 2009-11-18 13:29 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-21 04:14 . 2007-11-20 02:22 349232 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
    2009-11-21 04:14 . 2007-11-20 02:22 1244 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
    2009-11-21 04:14 . 2006-11-12 03:04 349232 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
    2009-11-21 04:14 . 2006-11-12 03:04 1244 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
    2009-11-21 01:44 . 2007-08-12 20:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-11-18 23:53 . 2006-11-01 16:42 246784 ----a-w- c:\windows\system32\drivers\iaStor.sys
    2009-11-18 19:36 . 2007-08-16 03:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-16 10:01 . 2006-11-01 17:10 -------- d-----w- c:\program files\Microsoft Works
    2009-10-03 18:57 . 2009-10-02 02:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-09-11 14:18 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:03 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 08:08 . 2005-08-16 10:18 916480 ------w- c:\windows\system32\wininet.dll
    2009-08-26 08:00 . 2005-08-16 10:19 247326 ----a-w- c:\windows\system32\strmdll.dll
    2008-08-30 21:53 . 2007-08-30 23:48 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-10-27 16:36 . 2007-08-07 17:32 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-11-20_18.29.33 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2006-11-03 05:23 . 2009-11-21 03:54 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    - 2006-11-03 05:23 . 2009-11-20 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2006-11-03 05:23 . 2009-11-21 03:54 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2006-11-03 05:23 . 2009-11-20 18:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    - 2009-11-18 13:29 . 2009-11-20 18:25 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2009-11-18 13:29 . 2009-11-21 03:54 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
    + 2006-11-03 05:23 . 2009-11-21 03:54 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2006-11-03 05:23 . 2009-11-20 18:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-28 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-30 29744]
    "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb08.exe" [2003-03-26 172032]
    "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
    "DeviceDiscovery"="c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe" [2002-12-03 40960]
    "SCANINICIO"="c:\program files\Panda Software\Panda Internet Security 2007\Inicio.exe" [2007-07-11 27952]
    "APVXDWIN"="c:\program files\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" [2007-07-24 406832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-11-01 98304]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
    "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
    "MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-13 1121792]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-03-12 185896]
    "SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-07-24 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
    NETGEAR WG311v3 Smart Wizard.lnk - c:\windows\Installer\{70014586-7BBA-4A92-A610-CDC896C48F8F}\NewShortcut1_1.exe [2006-11-3 1078]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
    2007-02-16 04:02 50736 ----a-w- c:\windows\system32\avldr.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
    @="Service"

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "110:TCP"= 110:TCP:svchost

    R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [11/11/2006 7:04 PM 71736]
    R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [11/11/2006 7:04 PM 51256]
    R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [11/11/2006 7:04 PM 22072]
    R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [11/11/2006 7:04 PM 191672]
    R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\netfltdi.sys [11/11/2006 7:04 PM 132920]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [11/11/2009 10:44 AM 9968]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/11/2009 10:44 AM 74480]
    R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [11/19/2007 6:08 PM 38968]
    R1 SMSFLT;SMS Filter Plugin;c:\windows\system32\drivers\smsflt.sys [11/11/2006 7:04 PM 37304]
    R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [11/11/2006 7:04 PM 30648]
    R2 cpoint;Panda CPoint Driver;c:\windows\system32\drivers\cpoint.sys [11/11/2006 7:04 PM 24760]
    R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [11/11/2006 6:52 PM 178872]
    R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
    R3 NETIMFLT;PANDA NDIS IM Filter Miniport;c:\windows\system32\drivers\netimflt.sys [11/19/2007 6:11 PM 142128]
    R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\PavSRK.sys --> c:\windows\system32\PavSRK.sys [?]
    R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
    S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [11/1/2006 9:08 AM 29744]
    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [11/11/2009 10:44 AM 7408]
    S3 sdthook;sdthook;\??\c:\windows\system32\drivers\sdthook.sys --> c:\windows\system32\drivers\sdthook.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - CLASSPNP_2
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-13 00:33]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uInternet Settings,ProxyServer = http=127.0.0.1:80
    uInternet Settings,ProxyOverride = <local>
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\panda software\panda internet security 2007\pavlsp.dll
    FF - ProfilePath - c:\documents and settings\Jane Bower\Application Data\Mozilla\Firefox\Profiles\8cop1c9s.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPJPI150_06.dll
    FF - plugin: c:\program files\Java\jre1.5.0_06\bin\NPOJI610.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-20 20:12
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x86F2A2F6]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xf7508f28
    \Driver\ACPI -> ACPI.sys @ 0xf739bcb8
    \Driver\iaStor -> iastor.sys @ 0xf7290f80
    IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Intel(R) 82562V 10/100 Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf7184bb0
    PacketIndicateHandler -> NDIS.sys @ 0xf7191a21
    SendHandler -> NDIS.sys @ 0xf716f87b
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{175AF4D7-9CF3-F457-BF0E37CACC73FC6B}\{467C247B-D237-138A-478D2C475DF76751}\{0F112251-81FD-FF65-E1D4489D8D443FBC}*]
    "WHRUBFTNUT3JMXQXKMKSXOBADA1"=hex:01,00,01,00,00,00,00,00,7d,86,67,30,10,5d,1c,
    b8,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1120)
    c:\windows\system32\WININET.dll
    c:\windows\system32\MrvGINA.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.dll
    c:\windows\system32\avldr.dll

    - - - - - - - > 'lsass.exe'(1184)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'Explorer.exe'(5644)
    c:\windows\system32\WININET.dll
    c:\program files\Panda Software\Panda Internet Security 2007\pavoepl.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
    c:\program files\Panda Software\Panda Internet Security 2007\pavsrv51.exe
    c:\program files\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\TPSrv.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\nvsvc32.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PsCtrls.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
    c:\program files\Common Files\Panda Software\PavShld\pavprsrv.exe
    c:\program files\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
    c:\program files\panda software\panda internet security 2007\firewall\PSHOST.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\psimsvc.exe
    c:\windows\ehome\mcrdsvc.exe
    c:\windows\system32\dllhost.exe
    c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
    c:\program files\NETGEAR\WG311v3\WinDomainlogon.exe
    c:\program files\NETGEAR\WG311v3\wlancfg5.exe
    c:\windows\eHome\ehmsas.exe
    c:\program files\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
    c:\program files\Panda Software\Panda Internet Security 2007\WebProxy.exe
    c:\program files\Panda Software\Panda Internet Security 2007\PavBckPT.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-20 20:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-21 04:19
    ComboFix2.txt 2009-11-20 18:37

    Pre-Run: 138,162,212,864 bytes free
    Post-Run: 138,104,283,136 bytes free

    - - End Of File - - 3E3A2A3D6AA21A9E44D2AF9DDB0F16B3
