Solved Browser Hijacked Randomly

Stat1

Hi,

I have a problem that happens randomly - I click on a search engine link and it redirects me to the wrong website.

I tried Avira, Malwarebytes and Spybot, and none of them fixed the browser hijack problem; however, they did clean up a fake antivirus that kept popping up (Win 7 Total Security, knp.exe).

I am also concerned that this malware could steal my email passwords or worse (bank etc).

Attached are the logs that might help to find the problem. I tried to copy and paste them, but I got the following message: "The text that you have entered is too long (476309 characters). Please shorten it to 50000 characters long."

I hope you don't mind, and thanks so much for your help.

Stat1
 

Welcome aboard


Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Mbam

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6202

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

3/29/2011 15:55:20
mbam-log-2011-03-29 (15-55-20).txt

Scan type: Full scan (C:\|D:\|E:\|F:\|H:\|K:\|)
Objects scanned: 1312940
Time elapsed: 4 hour(s), 54 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
k:\Temp\osrxwmcnea.exe (Adware.Agent) -> Quarantined and deleted successfully.
k:\Temp\DCC9.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\DCF8.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\DD03.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\DD13.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\DD51.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\DDB3.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\E61D.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
k:\Temp\xysolution.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
 
GMER Part 1

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-04-06 00:03:44
Windows 6.1.7600 Harddisk1\DR1 -> \Device\0000008e OCZ-VERT rev.1.4_
Running: v3t1cn3e.exe; Driver: K:\Temp\fgtyqpob.sys

.text ...

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtClose + 4 76F74774 2 Bytes [7D, 71] {JGE 0x73}
 
GMER Part 2

 
GMER Part 3

.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AD, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AD, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AD, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtCreateKey + 4 76F748B4 2 Bytes [AE, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtCreateProcess 76F74940 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [87, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [89, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtCreateProcess + 4 76F74944 2 Bytes [8A, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtCreateProcessEx 76F74950 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [84, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [86, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [87, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [87, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [87, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [87, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtCreateProcessEx + 4 76F74954 2 Bytes [87, 71]
 
GMER Part 4

 
GMER Part 5

.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtDeleteKey 76F74AC0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A7, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtDeleteKey + 4 76F74AC4 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtDeleteValueKey 76F74AF0 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A1, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtDeleteValueKey + 4 76F74AF4 2 Bytes [A2, 71]
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtProtectVirtualMemory 76F751C0 5 Bytes JMP 0017000A
.text C:\Windows\Explorer.EXE[2656] ntdll.dll!NtProtectVirtualMemory 76F751C0 5 Bytes JMP 004A000A
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
 
GMER Part 6

.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtRenameKey 76F75670 3 Bytes [FF, 25, 1E]
 
GMER Part 7

.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A4, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtSetValueKey + 4 76F75AB4 2 Bytes [A5, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtTerminateProcess 76F75B70 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [81, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [83, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [84, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtTerminateProcess + 4 76F75B74 2 Bytes [8C, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteFile 76F75D10 3 Bytes [FF, 25, 1E]
 
GMER Part 8

.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [98, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtWriteFile + 4 76F75D14 2 Bytes [99, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtWriteFileGather 76F75D20 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [95, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtWriteFileGather + 4 76F75D24 2 Bytes [96, 71]
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
 
GMER Part 9

.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtWriteVirtualMemory 76F75D40 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!NtWriteVirtualMemory 76F75D40 5 Bytes JMP 0018000A
.text C:\Windows\Explorer.EXE[2656] ntdll.dll!NtWriteVirtualMemory 76F75D40 5 Bytes JMP 004B000A
.text C:\Windows\system32\svchost.exe[1676] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Bonjour\mDNSResponder.exe[276] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\csrss.exe[436] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\wininit.exe[496] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\csrss.exe[504] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\services.exe[544] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\lsass.exe[568] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\lsm.exe[576] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\winlogon.exe[660] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[720] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\conhost.exe[828] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\nvvsvc.exe[972] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\System32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\System32\svchost.exe[1176] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\explorer.exe[1200] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Creative\Shared Files\CTAudSvc.exe[1392] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1440] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe[1476] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe[1504] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\nvvsvc.exe[1528] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1564] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1668] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\System32\spoolsv.exe[1852] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[1920] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe[2232] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\taskhost.exe[2260] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[2304] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Avid\Mbox\AudioDevMon.exe[2372] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text E:\Program Files\No-IP 2.2.1\DUC20.exe[2432] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\Dwm.exe[2476] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe[2516] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe[2604] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\taskeng.exe[2688] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2712] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\Spyware Doctor\pctsAuxs.exe[2840] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\vmnetdhcp.exe[2936] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\EVGA Precision\EVGAPrecision.exe[3044] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Core Temp.exe[3116] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Everything\Everything.exe[3232] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe[3324] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[3360] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text c:\program files\subversion\bin\svnserve.exe[3384] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe[3416] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\System32\Ctxfihlp.exe[3476] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\SugarSync\SugarSyncManager.exe[3548] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe[3616] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\vmnat.exe[3696] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Users\Nader\Desktop\v3t1cn3e.exe[3708] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\svchost.exe[3792] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\RealVNC\VNC4\WinVNC4.exe[3848] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\NetWorx\networx.exe[3872] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\RealVNC\VNC4\winvnc4.exe[3972] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\iTunes\iTunesHelper.exe[3992] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text E:\Program Files\VMware\VMware Workstation\vmware-authd.exe[4000] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text D:\Program Files\Spyware Doctor\BDT\FGuard.exe[4052] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\wuauclt.exe[5008] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [80, 71]
.text C:\Windows\system32\wbem\wmiprvse.exe[1020] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Windows\System32\svchost.exe[2012] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[4560] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Windows\servicing\TrustedInstaller.exe[4744] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Windows\system32\SearchIndexer.exe[4816] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Windows\System32\alg.exe[5336] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Program Files\iPod\bin\iPodService.exe[5772] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Windows\SYSTEM32\CTXFISPI.EXE[5804] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [81, 71]
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] ntdll.dll!NtWriteVirtualMemory + 4 76F75D44 2 Bytes [89, 71]
.text C:\Windows\system32\svchost.exe[1208] ntdll.dll!KiUserExceptionDispatcher 76F76298 5 Bytes JMP 0016000A
.text C:\Windows\Explorer.EXE[2656] ntdll.dll!KiUserExceptionDispatcher 76F76298 5 Bytes JMP 0049000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3092] ntdll.dll!LdrLoadDll 76F8F5B5 5 Bytes JMP 00901410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5304] ntdll.dll!LdrLoadDll 76F8F5B5 5 Bytes JMP 00901410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!LockResource 770C345C 5 Bytes JMP 280A7F30 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!CreateEventA 770C3A2B 5 Bytes JMP 280A7430 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!FindResourceW 770C922F 5 Bytes JMP 280A7BF0 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!SizeofResource 770C924D 5 Bytes JMP 280A7EC0 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!FindResourceExW 770CA7EF 5 Bytes JMP 280A7C70 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!LoadResource 770CD3B0 5 Bytes JMP 280A7E10 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!FindResourceExA 770CD4AD 7 Bytes JMP 280A7D80 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)
.text C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] kernel32.dll!FindResourceA 770CD575 5 Bytes JMP 280A7CF0 D:\Program Files\Yuna Software\Messenger Plus!\MsgPlusLive.dll (Messenger Plus! 5 Add-On/Yuna Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13BD 83497589 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834BC092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 834C393C 3 Bytes [68, CF, FA]
.text ntkrnlpa.exe!RtlSidHashLookup + 330 834C3940 3 Bytes [30, D2, FA] {XOR DL, DL; CLI }
.text ntkrnlpa.exe!RtlSidHashLookup + 364 834C3974 3 Bytes [2C, D5, FA] {SUB AL, 0xd5; CLI }
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 834C3DC8 3 Bytes [D8, C9, FA] {FMUL ST, ST(1); CLI }
.text sptd.sys 83C25000 8 Bytes [A6, A1, 42, 83, A0, 07, 42, ...]
.text sptd.sys 83C25009 23 Bytes [07, 42, 83, 48, 2B, 42, 83, ...]
.text sptd.sys 83C25024 4 Bytes [32, D5, D4, 83] {XOR DL, CH; AAM 0x83}
.text sptd.sys 83C2502C 121 Bytes [4C, 5D, 6B, 83, 15, 64, 65, ...]
.text sptd.sys 83C250A6 66 Bytes [4C, 83, C0, B5, 56, 83, 39, ...]
PAGE PCIIDEX.SYS!DllUnload 83ED0606 5 Bytes JMP 86E831D8
PAGE ataport.SYS!DllUnload + 1 83F0BAD7 4 Bytes JMP 862761D9
.text USBPORT.SYS!DllUnload 93A27CA0 5 Bytes JMP 87B041D8

---- User IAT/EAT - GMER 1.0.15 ----

IAT D:\Program Files\Spyware Doctor\pctsGui.exe[3316] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BAF0] D:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsGui.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BAF0] D:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsGui.exe[3316] @ C:\Windows\system32\wininet.dll [KERNEL32.dll!CreateThread] [0044BAF0] D:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsGui.exe[3316] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCF4] D:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsGui.exe[3316] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044BCF4] D:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools GUI Application/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateThread] [0044BE34] D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0044BE34] D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateThread] [0044BE34] D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [0044C038] D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT D:\Program Files\Spyware Doctor\pctsSvc.exe[2996] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [0044C038] D:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools Security Service/PC Tools)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] [6AFA92CD] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlCreateHeap] [6AFA94A8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlDestroyHeap] [6AFA94B8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlLockHeap] [6AFA94D8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlUnlockHeap] [6AFA94E8] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] [6AFA9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] [6AFA9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlReAllocateHeap] [6AFA9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlReAllocateHeap] [6AFA9832] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\WS2_32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ole32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\CRYPT32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] [6AFA9E78] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] [6AFAA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\USER32.dll [ntdll.dll!RtlSizeHeap] [6AFAA27D] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\kernel32.dll [ntdll.dll!RtlExitUserProcess] [6AFAAA9E] C:\Windows\AppPatch\AcXtrnal.DLL (Windows Compatibility DLL/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [73795624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73795624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [737956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [737956E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [737A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [737A4C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [737A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [737A4D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [737A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [737A50CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [737A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [737A51A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [737A66D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [737A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [737A82CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [737A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [737A8573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [737A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [737A8819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [737A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [737A907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [737AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [737AE21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [737B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [737B2494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1200] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [737B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2656] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [737B250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe[2108] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3160] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [74FD5E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [83C260CA] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [83C2636C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [83C2657E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [83C26FEA] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [83C271C6] \SystemRoot\System32\Drivers\sptd.sys
 
GMER Part 10

---- Kernel code sections - GMER 1.0.15 ----

.sptd2 C:\Windows\System32\Drivers\sptd.sys entry point in ".sptd2" section [0x83D005B5]
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
? K:\Temp\ALSysIO.sys The system cannot find the file specified. !

---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0x83FACF68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0x83FAD230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateUserProcess [0x83FAD52C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0x83FAC9D8]

---- EOF - GMER 1.0.15 ----
 
DDS Part 1

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 1/19/2010 20:38:55
System Uptime: 4/6/2011 9:02:26 (0 hours ago)
.
Motherboard: EVGA | | 132-CK-NF78
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2403/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 30 GiB total, 1.695 GiB free.
D: is FIXED (NTFS) - 883 GiB total, 124.069 GiB free.
E: is FIXED (NTFS) - 699 GiB total, 8.932 GiB free.
F: is FIXED (NTFS) - 49 GiB total, 1.8 GiB free.
G: is CDROM (CDFS)
H: is FIXED (NTFS) - 932 GiB total, 67.819 GiB free.
I: is CDROM (CDFS)
K: is FIXED (NTFS) - 1863 GiB total, 99.973 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: LogMeIn Kernel Information Provider
Device ID: ROOT\LEGACY_LMIINFO\0000
Manufacturer:
Name: LogMeIn Kernel Information Provider
PNP Device ID: ROOT\LEGACY_LMIINFO\0000
Service: LMIInfo
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
Manufacturer:
Name: SASDIFSV
PNP Device ID: ROOT\LEGACY_SASDIFSV\0000
Service: SASDIFSV
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
7-Zip 4.65
ABBYY FineReader 10 Professional Edition
AC3Filter 1.63b
Addictive Drums
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Photoshop Lightroom 2.5
Adobe Photoshop Lightroom 3.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Archive Password Recovery
AGEIA GAME System Software
AmpliTube 3
AnkhSVN 2.1.7819.411
Anki
Antares Autotune Evo VST RTAS v6.0.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 10.0.1
Assassin's Creed
Assassin's Creed II
Astaro SSL VPN Client 1.7
Audacity 1.3.11 (Unicode)
Audio Bro LA Scoring Strings
Avid Audio Drivers (x86)
Avid Mbox Driver 1.0.19 (x86)
Avid Mbox Mini Driver 1.0.4 (x86)
Avid Mbox Pro Driver 1.0.10 (x86)
Avid Pro Tools Creative Collection 8.0.4
Avid Pro Tools LE 8.0.4
Avira AntiVir Personal - Free Antivirus
Battlefield 2(TM)
Battlefield: Bad Company™ 2
Bing Maps 3D
Bonjour
Browser Defender 3.0
Call of Duty: Black Ops
CDBurnerXP
Command & Conquer™ Red Alert™ 3
Company of Heroes
Connect
Corel VideoStudio 12
CPUID CPU-Z 1.56
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties
Crysis(R)
Crystal Reports for Visual Studio
CSS Tab Designer v2.0
Curl RTE 7.0.3
Debugger Diagnostics
Digidesign ElevenRack Driver 1.0.8 (x86)
Dragon Age: Origins - Awakening
EASEUS Data Recovery Wizard Professional 4.3.6
Everything 1.2.1.371
EVGA E-LEET TUNING UTILITY 1.08.8
EVGA OC Scanner 1.6.0
EVGA Precision 2.0.2
EZdrummer
F.lux
Fallout New Vegas
Fences
ffdshow [rev 1846] [2008-02-05]
Fila World Tour Tennis
FINAL FANTASY XI
FLV Player 2.0 (build 25)
Folding@home-x86
foobar2000 v1.1.1
Foxit Reader
Fraps
Free DigiRack Plug-Ins 8.0.3
FreePhoneLine
Google Chrome
Google Earth
Google Talk (remove only)
Google Talk Plugin
Google Update Helper
Guitar Pro 6
Half-Life 2: Lost Coast
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971092)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
Hotfix for Microsoft Visual Studio 2010 Ultimate - ENU (KB982218)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
Hotfix for Microsoft Visual Web Developer 2010 Express - ENU (KB982218)
Human Japanese 2.0
HyperCam Toolbar
IIS Database Manager
Interlok driver setup x32
iTunes
iZotope Ozone 4
Java 3D 1.5.1
Java Auto Updater
Java(TM) 6 Update 23
JetBrains ReSharper 5.0
kuler
LAME v3.98.2 for Audacity
Last.fm 1.5.4.27091
Lead and Gold - Gangs of the Wild West
LimeWire PRO 5.4.7
Magic ISO Maker v5.4 (build 0251)
MagicDisc 2.7.106
Media Player Classic - Home Cinema v. 1.3.1249.0
Mercurial 1.5.1062
Messenger Plus! 5
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Choice Guard
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Studio 3
Microsoft Expression Studio 4
Microsoft F# Runtime for Silvelight 4
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Help Viewer 1.0
Microsoft Network Monitor 3.4
Microsoft Network Monitor: NetworkMonitor Parsers 3.4
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word Viewer 2003
Microsoft Press Training Kit Exam Prep Suite 70-515
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 3 Toolkit November 2009
Microsoft Silverlight 3 Tools for Visual Studio 2008 SP1 - ENU
Microsoft Silverlight 3 Tools for Visual Web Developer Express 2008 SP1 - ENU
Microsoft Silverlight 4 SDK
Microsoft Silverlight 4 Toolkit April 2010
Microsoft Silverlight 4 Tools for Visual Studio 2010
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 R2 Data-Tier Application Framework
Microsoft SQL Server 2008 R2 Data-Tier Application Project
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 R2 Transact-SQL Language Service
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Sync Framework Runtime v1.0 SP1 (x86)
Microsoft Sync Framework SDK v1.0 SP1
Microsoft Sync Framework Services v1.0 SP1 (x86)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86)
Microsoft Team Foundation Server 2010 Object Model - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
 
DDS Part 2

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4418
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Performance Collection Tools - ENU
Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
Microsoft Visual Studio 2010 Ultimate - ENU
Microsoft Visual Studio Macro Tools
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Web Platform Installer 3.0
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
mIRC
Mozilla Firefox 4.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
MusicLab RealGuitar 2.0
MySQL Connector Net 5.2.5
Native Instruments Abbey Road 60s Drums
Native Instruments Absynth 5
Native Instruments Acoustic Refractions
Native Instruments Battery 3
Native Instruments Berlin Concert Grand
Native Instruments FM8
Native Instruments Komplete 7
Native Instruments Kontakt 4
Native Instruments Kore Player
Native Instruments Massive
Native Instruments New York Concert Grand
Native Instruments Rammfire
Native Instruments Reaktor 5
Native Instruments Reaktor Prism
Native Instruments Reaktor Spark R2
Native Instruments Reflektor
Native Instruments Scarbee A-200
Native Instruments Scarbee Clavinet Pianet
Native Instruments Scarbee Mark I
Native Instruments Scarbee MM-Bass
Native Instruments Service Center
Native Instruments The Finger R2
Native Instruments Traktors 12
Native Instruments Upright Piano
Native Instruments Vienna Concert Grand
Native Instruments Vintage Organs
Need for Speed(TM) Hot Pursuit
NetWorx 5.1.7
nLite 1.4.9.1
No-IP.com DUC (remove only)
Notepad++
NVIDIA Control Panel 266.58
NVIDIA Drivers
NVIDIA Graphics Driver 266.58
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
Oblivion
OleAutClean
OpenAL
OpenVPN 2.2-beta3
PDF Settings CS4
PDF Settings CS5
PE Builder 3.1.10a
Personal Video Database 0.9.9.21
Photoshop Camera Raw
Pianoteq v2.3.0
Picasa 3
PlayOnline Viewer & Tetra Master
Project SAM Symphobia 1.0
Project64 1.6
Psychonauts
Python 2.7 ipython-0.10.1
Python 2.7.1
Qt SDK 2010.02.1
QuickTime
Sample Modeling Mr. Sax T
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Service Pack 1 for SQL Server 2008 (KB968369)
Shutdown Monster 4.0.5.2
Silver Efex Pro
Sins of a Solar Empire Trinity
Skype™ 5.1
Sonic Charge µTonic VSTi v2.0
Spyware Doctor 8.0
Sql Server Customer Experience Improvement Program
StarCraft II
Steinberg Virtual Guitarist Electric Edition
Subversion
SugarSync Manager
Suite Shared Configuration CS4
Synergy
Telerik RadControls for Silverlight Q3 2010
TextPad 5
The Sims Medieval
TortoiseHg 1.0
TortoiseSVN 1.6.7.18415 (32 bit)
TreeSize Free V2.4
TrueCrypt
Tunatic
Ubisoft Game Launcher
Unlocker 1.9.0
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB967143)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB967144)
vanBasco's Karaoke Player
VC Runtimes MSI
VH Toolkit 1.0.46.0
VideoStudio
Vim 7.2 (self-installing)
Virtua Tennis 3
Virus TI Software Suite
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VisualHG 1.0.8
VLC media player 1.1.5
VMware Workstation
VNC Enterprise Edition E4.3.1
VNC Mirror Driver 1.7
Vst To Rtas Adapter V2.11
WampServer 2.1
WCF RIA Services V1.0 for Visual Studio 2010
Web Deployment Tool
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
Wing IDE 3.2.12-1
WinRAR archiver
WinTax Calculator
Worms Reloaded
Worms2
WPF Toolkit June 2009 (Version 3.5.40619.1)
XML Notepad 2007
Yahoo! Messenger
Yahoo! Software Update
ZumoDrive
.
==== Event Viewer Messages From Past Week ========
.
4/6/2011 9:03:35, Error: Microsoft-Windows-WMPNSS-Service [14338] - A new media server was not initialized because CoCreateInstance(CLSID_UPnPRegistrar) encountered error '0x80070422'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
4/6/2011 9:03:31, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASDIFSV SASKUTIL
4/6/2011 9:03:02, Error: Service Control Manager [7000] - The LogMeIn Kernel Information Provider service failed to start due to the following error: The system cannot find the path specified.
4/6/2011 0:08:22, Error: Microsoft-Windows-SharedAccess_NAT [34001] - The ICS_IPV6 failed to configure IPv6 stack.
4/6/2011 0:08:14, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.
4/5/2011 8:38:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
4/5/2011 8:38:33, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
4/5/2011 8:38:33, Error: Service Control Manager [7001] - The Remote Access Connection Manager service depends on the Telephony service which failed to start because of the following error: The service has not been started.
4/5/2011 8:38:33, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Remote Access Connection Manager service which failed to start because of the following error: The dependency service or group failed to start.
4/5/2011 8:36:34, Error: Service Control Manager [7034] - The Diagnostic System Host service terminated unexpectedly. It has done this 1 time(s).
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The WLAN AutoConfig service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Windows Driver Foundation - User-mode Driver Framework service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Windows Audio Endpoint Builder service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Superfetch service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Network Connections service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Human Interface Device Access service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:34, Error: Service Control Manager [7031] - The Desktop Window Manager Session Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Internet Connection Sharing (ICS) service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/5/2011 8:36:33, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/5/2011 8:32:59, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
4/4/2011 13:10:13, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
4/4/2011 13:10:13, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
4/4/2011 12:27:53, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: A thread could not be created for the service.
4/4/2011 1:03:30, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: A dynamic link library (DLL) initialization routine failed.
4/4/2011 0:53:28, Error: Service Control Manager [7023] - The Shell Hardware Detection service terminated with the following error: Not enough storage is available to process this command.
4/3/2011 8:23:53, Error: Ntfs [137] - The default transaction resource manager on volume V: encountered a non-retryable error and could not start. The data contains the error code.
4/3/2011 7:55:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
4/3/2011 16:40:35, Error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
4/3/2011 1:09:08, Error: Service Control Manager [7034] - The VNC Server Version 4 service terminated unexpectedly. It has done this 1 time(s).
4/3/2011 0:22:49, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
4/2/2011 11:14:00, Error: Ntfs [137] - The default transaction resource manager on volume U: encountered a non-retryable error and could not start. The data contains the error code.
4/2/2011 10:48:48, Error: Microsoft-Windows-SharedAccess_NAT [30013] - The DHCP allocator has disabled itself on IP address 169.254.35.144, since the IP address is outside the 192.168.137.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, change the scope to include the IP address, or change the IP address to fall within the scope.
4/1/2011 20:28:36, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SASKUTIL
4/1/2011 19:33:57, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
4/1/2011 19:17:05, Error: Service Control Manager [7034] - The NMSAccess service terminated unexpectedly. It has done this 1 time(s).
3/30/2011 23:43:57, Error: Ntfs [137] - The default transaction resource manager on volume T: encountered a non-retryable error and could not start. The data contains the error code.
.
==== End Of File ===========================
 
DDS Part 3

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Nader at 9:09:00.01 on Wed 04/06/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.1150 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
D:\Program Files\Digidesign\Digidesign\Drivers\MMERefresh.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Avid\Mbox\AudioDevMon.exe
C:\Program Files\Avid\Mbox Mini\AudioDevMon.exe
C:\Program Files\Avid\Mbox Pro\AudioDevMon.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\program files\subversion\bin\svnserve.exe
C:\Windows\system32\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
E:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\system32\vmnetdhcp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
D:\Program Files\EVGA Precision\EVGAPrecision.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Google\Google Talk\googletalk.exe
D:\Program Files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
C:\Windows\System32\Ctxfihlp.exe
D:\Program Files\NetWorx\networx.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Spyware Doctor\pctsGui.exe
D:\Program Files\Spyware Doctor\BDT\FGuard.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Nader\Local Settings\Apps\F.lux\flux.exe
C:\Users\Nader\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
D:\Program Files\SugarSync\SugarSyncManager.exe
C:\Program Files\Core Temp.exe
E:\Program Files\No-IP 2.2.1\DUC20.exe
C:\Windows\SYSTEM32\CTXFISPI.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\alg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Users\Nader\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\explorer.exe
E:\Downloads\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\hypercam toolbar\tbcore3.dll
TB: HyperCam Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\hypercam toolbar\tbcore3.dll
TB: &NetWorx Desk Band: {feea54b4-d80f-41c7-87b9-dc08e6d3255f} - d:\progra~1\networx\deskband.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - d:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: Web Test Recorder 10.0: {5802d092-1784-4908-8cdb-99b6842d353d} - mscoree.dll
uRun: [Google Update] "c:\users\nader\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [F.lux] "c:\users\nader\local settings\apps\f.lux\flux.exe" /noshow
uRun: [SugarSync] "d:\program files\sugarsync\SugarSyncManager.exe" -startInTray -usedelay=true
uRun: [Core Temp] "c:\program files\Core Temp.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Everything] "c:\program files\everything\Everything.exe" -startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [openvpn-gui] d:\program files\astaro\astaro ssl vpn client\bin\openvpn-gui.exe
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [DigidesignMMERefresh] d:\program files\digidesign\digidesign\drivers\MMERefresh.exe
mRun: [NetWorx] "d:\program files\networx\networx.exe" /auto
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [avgnt] "d:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [ISTray] "d:\program files\spyware doctor\pctsGui.exe" /hideGUI
mRun: [PCTools FGuard] d:\program files\spyware doctor\bdt\FGuard.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
StartupFolder: c:\users\nader\appdata\roaming\micros~1\windows\startm~1\programs\startup\no-ipd~1.lnk - e:\program files\no-ip 2.2.1\DUC20.exe
mPolicies-explorer: Start_ShowMyMusic = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: d:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 208.67.220.220,208.67.222.222
TCP: {D9E50660-92E0-4EAB-A3C1-A6B4A4ADDFF2} = 208.67.220.220,208.67.222.222
TCP: {DA2F44F1-A8B7-40A0-BB2E-2C81F7C2F71F} = 208.67.220.220,208.67.222.222
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\program files\hmelyofflabs\vhtoolkit\Skype4COM.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: FencesShlExt Class: {1984dd45-52cf-49cd-ab77-18f378fea264} - d:\program files\stardock\fences\FencesMenu.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\nader\appdata\roaming\mozilla\firefox\profiles\1mpuxu2x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
FF - plugin: c:\program files\curl corporation\surge\plugins\np-curl-surge-7-0.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\users\nader\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\nader\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin2.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin3.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin4.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin5.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin6.dll
FF - plugin: d:\program files\quicktime\plugins\npqtplugin7.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-4-3 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-4-3 338880]
R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2011-4-3 656320]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-3-21 147416]
R1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\drivers\nm3.sys [2010-6-9 39736]
R1 PSSDK42;PSSDK42;c:\windows\system32\drivers\pssdk42.sys [2011-1-27 38976]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\avira\antivir desktop\sched.exe [2011-3-30 135336]
R2 AntiVirService;Avira AntiVir Guard;d:\program files\avira\antivir desktop\avguard.exe [2011-3-30 269480]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-30 61960]
R2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\spyware doctor\bdt\BDTUpdateService.exe [2011-4-3 247760]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-19 20328]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-2-12 21992]
R2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\drivers\diginet.sys [2010-6-16 16400]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2010-7-14 47640]
R2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files\avid\mbox\AudioDevMon.exe [2010-10-7 1919504]
R2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files\avid\mbox mini\AudioDevMon.exe [2010-5-6 1919504]
R2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files\avid\mbox pro\AudioDevMon.exe [2010-6-11 1919504]
R2 sdAuxService;PC Tools Auxiliary Service;d:\program files\spyware doctor\pctsAuxs.exe [2011-4-3 366840]
R2 sdCoreService;PC Tools Security Service;d:\program files\spyware doctor\pctsSvc.exe [2011-4-3 1150936]
R2 svn;Subversion Server;c:\program files\subversion\bin\svnserve.exe [2009-10-26 114774]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
R3 MBOX;Service for Avid Mbox;c:\windows\system32\drivers\AvidMbox.sys [2010-10-7 398224]
R3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\drivers\AvidMbox_DFU.sys [2010-10-7 23312]
R3 RTCore32;RTCore32;d:\program files\evga precision\RTCore32.sys [2005-5-25 4608]
R3 SaiK0CCB;SaiK0CCB;c:\windows\system32\drivers\SaiK0CCB.sys [2010-11-17 138760]
R3 SaiU0CCB;SaiU0CCB;c:\windows\system32\drivers\SaiU0CCB.sys [2010-4-22 35336]
S2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;"c:\program files\common files\abbyy\finereader\10.00\licensing\pe\networklicenseserver.exe" -service --> c:\program files\common files\abbyy\finereader\10.00\licensing\pe\NetworkLicenseServer.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-20 136176]
S3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-10-27 6573568]
S3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-10-26 229888]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-9-24 102416]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;"c:\program files\common files\creative labs shared\service\ctaelicensing.exe" --> c:\program files\common files\creative labs shared\service\CTAELicensing.exe [?]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [2009-6-4 171032]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [2009-6-4 1324056]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [2009-6-4 72728]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\program files\steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-3-13 25832]
S3 netr73;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 SwitchBoard;Adobe SwitchBoard;d:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VIRUSUSB;USB ASIO driver for Virus TI USB;c:\windows\system32\drivers\VirusUSB.sys [2010-5-27 389696]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\microsoft visual studio 10.0\team tools\performance tools\VSPerfDrv100.sys [2009-12-8 48128]
S3 VTIAUDIO;Virus TI Audio;c:\windows\system32\drivers\vtiaudio.sys [2010-5-27 39488]
S3 VTIMIDEV01;Virus TI MIDI Driver;c:\windows\system32\drivers\vtimidi.sys [2009-5-29 56136]
S3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\microsoft.net\framework\v4.0.30128\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30128\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
.
=============== File Associations ===============
.
exefile="c:\windows\system32\config\systemprofile\appdata\local\knp.exe" -a "%1" %*
.
=============== Created Last 30 ================
.
2011-04-03 20:40:52 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-03 20:40:52 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-03 19:51:06 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-03 19:51:06 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-04-03 19:51:06 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-03 19:51:06 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-03 19:44:46 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-03 19:44:46 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-03 19:44:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-03 19:44:43 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-03 19:44:39 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-03 19:44:29 -------- d-----w- d:\program files\common files\PC Tools
2011-04-03 19:44:29 -------- d-----w- c:\users\nader\appdata\roaming\PC Tools
2011-04-03 19:44:29 -------- d-----w- c:\progra~2\PC Tools
2011-04-03 15:50:59 -------- d-----w- c:\program files\Microsoft WSE
2011-04-02 04:08:47 -------- d-----w- c:\users\nader\appdata\roaming\Guitar Pro 6
2011-04-02 04:08:47 -------- d-----w- c:\progra~2\Guitar Pro 6
2011-04-02 00:29:35 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2011-04-01 01:29:59 98304 ----a-w- d:\program files\common files\system\ole db\msdatl3.dll
2011-03-31 19:52:51 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2011-03-30 13:24:09 -------- d-----w- c:\users\nader\appdata\roaming\Avira
2011-03-30 13:19:09 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-30 13:19:08 -------- d-----w- c:\progra~2\Avira
2011-03-29 12:33:58 -------- d-----w- c:\users\nader\appdata\roaming\OfferBox
2011-03-29 03:21:41 -------- d-----w- c:\progra~2\SUPERAntiSpyware.com
2011-03-29 03:21:40 -------- d-----w- c:\users\nader\appdata\roaming\SUPERAntiSpyware.com
2011-03-28 15:18:41 -------- d-----w- c:\users\nader\appdata\roaming\Malwarebytes
2011-03-28 15:18:38 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-27 19:26:12 -------- d-----w- c:\users\nader\appdata\roaming\Sonalksis
2011-03-27 15:01:25 -------- d-----w- C:\AVG10
2011-03-24 01:01:57 -------- d-----w- c:\users\nader\dwhelper
2011-03-22 03:05:08 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-22 03:05:08 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-22 03:04:29 -------- d-----w- c:\program files\iPod
2011-03-22 03:02:10 -------- d-----w- c:\program files\Bonjour
2011-03-22 01:00:16 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-03-22 01:00:16 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-03-13 14:01:38 -------- d-----w- c:\windows\system32\WinNTDlls
2011-03-13 14:01:38 -------- d-----w- c:\windows\system32\Win98Dlls
.
==================== Find3M ====================
.
2011-02-10 13:41:44 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-22 19:44:08 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-01-12 03:57:50 48 ----a-w- c:\windows\system32\msvcsv60.dll
2011-01-08 03:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27:00 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27:00 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27:00 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27:00 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27:00 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 03:27:00 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27:00 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27:00 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 02:06:44 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 02:06:34 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 02:06:14 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 02:06:02 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 02:06:02 111208 ----a-w- c:\windows\system32\nvmctray.dll
2011-01-07 07:27:11 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 05:33:11 294400 ----a-w- c:\windows\system32\atmfd.dll
2009-08-05 17:48:06 378384 ----a-w- c:\program files\Core Temp.exe
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: OCZ-VERT rev.1.4_ -> Harddisk1\DR1 -> \Device\00000086
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: >>UNKNOWN [0x83448000]<< >>UNKNOWN [0x8BCE0000]<< >>UNKNOWN [0x8BCCF000]<< >>UNKNOWN [0x83F57000]<< >>UNKNOWN [0x83D45000]<< >>UNKNOWN [0x83411000]<< >>UNKNOWN [0x87412439]<<
_asm { DEC EBP; POP EDX; NOP ; ADD [EBX], AL; ADD [EAX], AL; ADD [EAX+EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x83484448] -> \Device\Harddisk1\DR1[0x873DBA78]
\Driver\Disk[0x873D7030] -> IRP_MJ_CREATE -> 0x8BCE439F
3 [0x8BCE459E] -> ntkrnlpa!IofCallDriver[0x83484448] -> [0x873D9160]
\Driver\PCTCore[0x862139F8] -> IRP_MJ_CREATE -> 0x83F7A5CE
5 [0x83F68099] -> ntkrnlpa!IofCallDriver[0x83484448] -> [0x8622B7C8]
\Driver\ACPI[0x86277F38] -> IRP_MJ_CREATE -> 0x83D4E4AA
7 [0x83D4E3B2] -> ntkrnlpa!IofCallDriver[0x83484448] -> \00000083[0x86F36C78]
\Driver\nvstor[0x873F8A28] -> IRP_MJ_CREATE -> 0x87412439
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\00000083 -> \??\SCSI#Disk&Ven_OCZ-VERT&Prod_EX#4&4fe3040&0&010100#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
sectors 62533294 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.
.
============= FINISH: 9:09:55.45 ===============
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
TDSSKiller report

Hello and thank you for your quick reply. Here are the results of TDSSKiller:

2011/04/06 20:45:04.0477 2588 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/06 20:45:04.0829 2588 ================================================================================
2011/04/06 20:45:04.0829 2588 SystemInfo:
2011/04/06 20:45:04.0829 2588
2011/04/06 20:45:04.0830 2588 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/06 20:45:04.0830 2588 Product type: Workstation
2011/04/06 20:45:04.0830 2588 ComputerName: WINDOWS7
2011/04/06 20:45:04.0830 2588 UserName: Nader
2011/04/06 20:45:04.0830 2588 Windows directory: C:\Windows
2011/04/06 20:45:04.0830 2588 System windows directory: C:\Windows
2011/04/06 20:45:04.0830 2588 Processor architecture: Intel x86
2011/04/06 20:45:04.0830 2588 Number of processors: 4
2011/04/06 20:45:04.0830 2588 Page size: 0x1000
2011/04/06 20:45:04.0830 2588 Boot type: Normal boot
2011/04/06 20:45:04.0830 2588 ================================================================================
2011/04/06 20:45:05.0318 2588 Initialize success
2011/04/06 20:45:21.0087 5096 ================================================================================
2011/04/06 20:45:21.0087 5096 Scan started
2011/04/06 20:45:21.0087 5096 Mode: Manual;
2011/04/06 20:45:21.0087 5096 ================================================================================
2011/04/06 20:45:29.0836 5096 NVENETFD (b5e37e31c053bc9950455a257526514b) C:\Windows\system32\DRIVERS\nvm62x32.sys
2011/04/06 20:45:30.0079 5096 nvlddmkm (73a70f1d89c942eedd99a3f10459b051) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/06 20:45:30.0368 5096 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/06 20:45:30.0388 5096 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/06 20:45:30.0414 5096 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/06 20:45:30.0442 5096 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/06 20:45:30.0474 5096 ossrv (11b3328d84ed6c11baf4f4f115459ab6) C:\Windows\system32\drivers\ctoss2k.sys
2011/04/06 20:45:30.0515 5096 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/04/06 20:45:30.0534 5096 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/04/06 20:45:30.0560 5096 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/04/06 20:45:30.0592 5096 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/04/06 20:45:30.0615 5096 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/06 20:45:30.0642 5096 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/06 20:45:30.0666 5096 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
2011/04/06 20:45:30.0691 5096 PCTCore (995e6bc3bb92bb4a9eb49a663c43b6cb) C:\Windows\system32\drivers\PCTCore.sys
2011/04/06 20:45:30.0722 5096 pctDS (f820b4c61d1e591325b679d479d4eea4) C:\Windows\system32\drivers\pctDS.sys
2011/04/06 20:45:30.0763 5096 pctEFA (acc8c15f3d59f17c5d903ff1de3b43d3) C:\Windows\system32\drivers\pctEFA.sys
2011/04/06 20:45:30.0793 5096 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/04/06 20:45:30.0832 5096 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/04/06 20:45:30.0903 5096 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS
2011/04/06 20:45:30.0971 5096 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/06 20:45:30.0997 5096 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/04/06 20:45:31.0041 5096 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/06 20:45:31.0069 5096 PSSDK42 (c8eb36910d3bd582891977e80925e21e) C:\Windows\system32\Drivers\pssdk42.sys
2011/04/06 20:45:31.0093 5096 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
2011/04/06 20:45:31.0140 5096 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/06 20:45:31.0184 5096 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/06 20:45:31.0224 5096 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/06 20:45:31.0246 5096 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/06 20:45:31.0267 5096 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/06 20:45:31.0298 5096 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/06 20:45:31.0323 5096 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/06 20:45:31.0344 5096 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/06 20:45:31.0367 5096 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/06 20:45:31.0392 5096 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/06 20:45:31.0414 5096 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/06 20:45:31.0443 5096 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
2011/04/06 20:45:31.0463 5096 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/06 20:45:31.0496 5096 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/06 20:45:31.0520 5096 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/04/06 20:45:31.0549 5096 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/04/06 20:45:31.0603 5096 RsFx0103 (fd692c6ffade58f7c4c3c3c9a0ec35bd) C:\Windows\system32\DRIVERS\RsFx0103.sys
2011/04/06 20:45:31.0626 5096 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/06 20:45:31.0700 5096 RTCore32 (2c293f0f3295a599fb50d8fcf1fa6ded) D:\Program Files\EVGA Precision\RTCore32.sys
2011/04/06 20:45:31.0767 5096 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/04/06 20:45:31.0793 5096 SaiK0CCB (0f829f274ed65588e4cc4b31d27c00de) C:\Windows\system32\DRIVERS\SaiK0CCB.sys
2011/04/06 20:45:31.0821 5096 SaiMini (646d8be92ecfbfbea9fea7682b0e579a) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/04/06 20:45:31.0844 5096 SaiNtBus (f47b3689cb50c5ee571da6ed1d2ef3c6) C:\Windows\system32\drivers\SaiBus.sys
2011/04/06 20:45:31.0865 5096 SaiU0CCB (d1f108ab310abc483f4ad0a1060668fe) C:\Windows\system32\DRIVERS\SaiU0CCB.sys
2011/04/06 20:45:32.0021 5096 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/06 20:45:32.0053 5096 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/06 20:45:32.0109 5096 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/04/06 20:45:32.0153 5096 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/06 20:45:32.0180 5096 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/04/06 20:45:32.0201 5096 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/06 20:45:32.0259 5096 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/06 20:45:32.0281 5096 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/06 20:45:32.0304 5096 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/06 20:45:32.0325 5096 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/06 20:45:32.0361 5096 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/04/06 20:45:32.0383 5096 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/06 20:45:32.0411 5096 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/06 20:45:32.0432 5096 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/04/06 20:45:32.0480 5096 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/04/06 20:45:32.0535 5096 sptd (87b5595eb1c623ff5887e36a35e51ba2) C:\Windows\system32\Drivers\sptd.sys
2011/04/06 20:45:32.0535 5096 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 87b5595eb1c623ff5887e36a35e51ba2
2011/04/06 20:45:32.0541 5096 sptd - detected Locked file (1)
2011/04/06 20:45:35.0642 5096 ================================================================================
2011/04/06 20:45:35.0642 5096 Scan finished
2011/04/06 20:45:35.0642 5096 ================================================================================
2011/04/06 20:45:35.0656 8088 Detected object count: 1
2011/04/06 20:45:42.0317 8088 Locked file(sptd) - User select action: Skip
 
Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt" log.
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users:** ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, Rkill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
ComboFix Results

ComboFix 11-04-06.03 - Nader 04/07/2011 9:30.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.1715 [GMT -4:00]
Running from: c:\users\Nader\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\readme.txt
C:\text.txt
c:\users\Nader\AppData\Roaming\inst.exe
c:\users\Nader\AppData\Roaming\OfferBox
c:\users\Nader\AppData\Roaming\OfferBox\config.xml
c:\windows\Install
c:\windows\system32\msvcsv60.dll
c:\windows\system32\system
c:\windows\UA000106.DLL
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 13:25 . 2011-04-07 13:27 -------- d-----w- C:\32788R22FWJFW
2011-04-03 20:40 . 2010-07-16 18:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-04-03 20:40 . 2010-07-16 18:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-04-03 19:51 . 2011-01-07 18:54 149456 ----a-w- c:\windows\SGDetectionTool.dll
2011-04-03 19:51 . 2011-01-07 18:54 1533904 ----a-w- c:\windows\PCTBDRes.dll
2011-04-03 19:51 . 2011-01-07 18:54 2000848 ----a-w- c:\windows\PCTBDCore.dll
2011-04-03 19:51 . 2011-01-07 18:54 767952 ----a-w- c:\windows\BDTSupport.dll
2011-04-03 19:44 . 2011-01-17 13:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-04-03 19:44 . 2010-12-16 12:38 103232 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2011-04-03 19:44 . 2010-12-10 20:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-04-03 19:44 . 2010-12-10 17:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-04-03 19:44 . 2010-12-16 12:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-04-03 19:44 . 2011-04-03 20:40 -------- d-----w- c:\programdata\PC Tools
2011-04-03 19:44 . 2011-04-03 20:40 -------- d-----w- d:\program files\Common Files\PC Tools
2011-04-03 19:44 . 2011-04-03 19:44 -------- d-----w- c:\users\Nader\AppData\Roaming\PC Tools
2011-04-03 15:50 . 2011-04-03 15:50 -------- d-----w- c:\program files\Microsoft WSE
2011-04-02 04:08 . 2011-04-02 04:10 -------- d-----w- c:\users\Nader\AppData\Roaming\Guitar Pro 6
2011-04-02 04:08 . 2011-04-02 04:10 -------- d-----w- c:\programdata\Guitar Pro 6
2011-04-02 00:29 . 2011-04-02 00:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-04-01 01:29 . 2011-04-01 01:29 8192 ----a-w- d:\program files\Common Files\System\msadc\msadcor.dll
2011-03-31 19:52 . 2009-07-14 11:53 9728 ----a-w- c:\windows\system32\drivers\wfplwf.sys
2011-03-30 13:24 . 2011-03-30 13:24 -------- d-----w- c:\users\Nader\AppData\Roaming\Avira
2011-03-30 13:19 . 2011-03-04 20:11 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-03-30 13:19 . 2011-03-04 18:37 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-30 13:19 . 2011-03-30 13:19 -------- d-----w- c:\programdata\Avira
2011-03-29 03:21 . 2011-03-29 03:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-03-29 03:21 . 2011-03-29 03:21 -------- d-----w- c:\users\Nader\AppData\Roaming\SUPERAntiSpyware.com
2011-03-28 15:18 . 2011-03-28 15:18 -------- d-----w- c:\users\Nader\AppData\Roaming\Malwarebytes
2011-03-28 15:18 . 2011-03-28 15:18 -------- d-----w- c:\programdata\Malwarebytes
2011-03-27 19:26 . 2011-03-27 19:27 -------- d-----w- c:\users\Nader\AppData\Roaming\Sonalksis
2011-03-27 15:01 . 2011-03-27 15:01 -------- d-----w- C:\AVG10
2011-03-24 11:14 . 2011-03-24 11:14 -------- d-----w- c:\programdata\Skype
2011-03-24 01:01 . 2011-03-24 01:02 -------- d-----w- c:\users\Nader\dwhelper
2011-03-22 03:05 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-22 03:05 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-22 03:04 . 2011-03-22 03:04 -------- d-----w- c:\program files\iPod
2011-03-22 03:02 . 2011-03-22 03:02 -------- d-----w- c:\program files\Bonjour
2011-03-22 01:00 . 2007-09-19 20:18 61440 ----a-w- c:\windows\system32\NI_DFD_1_5.dll
2011-03-22 01:00 . 2007-09-19 20:18 393216 ----a-w- c:\windows\system32\NI_IRC_1_2.dll
2011-03-13 14:01 . 2011-03-13 14:01 -------- d-----w- c:\windows\system32\WinNTDlls
2011-03-13 14:01 . 2011-03-13 14:01 -------- d-----w- c:\windows\system32\Win98Dlls
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-10 13:41 . 2011-02-10 13:41 86016 ----a-w- c:\windows\system32\frapsvid.dll
2011-01-27 05:11 . 2011-01-27 05:11 38976 ----a-w- c:\windows\system32\drivers\pssdk42.sys
2011-01-22 19:44 . 2011-01-22 19:42 47104 ----a-w- c:\windows\system32\KMVIDC32.DLL
2011-01-08 03:27 . 2011-02-12 18:19 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-01-08 03:27 . 2011-02-12 18:19 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-01-08 03:27 . 2011-02-12 18:19 57960 ----a-w- c:\windows\system32\OpenCL.dll
2011-01-08 03:27 . 2011-02-12 18:19 5653096 ----a-w- c:\windows\system32\nvwgf2um.dll
2011-01-08 03:27 . 2011-02-12 18:19 4941928 ----a-w- c:\windows\system32\nvcuda.dll
2011-01-08 03:27 . 2011-02-12 18:19 2895976 ----a-w- c:\windows\system32\nvcuvid.dll
2011-01-08 03:27 . 2011-02-12 18:19 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-01-08 03:27 . 2011-02-12 18:19 15047272 ----a-w- c:\windows\system32\nvoglv32.dll
2011-01-08 03:27 . 2011-02-12 18:19 10467656 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2011-01-08 03:27 . 2011-02-12 18:19 10078312 ----a-w- c:\windows\system32\nvd3dum.dll
2011-01-08 03:27 . 2011-02-12 18:19 13011560 ----a-w- c:\windows\system32\nvcompiler.dll
2011-01-08 03:27 . 2011-02-12 18:19 10920 ----a-w- c:\windows\system32\drivers\nvBridge.kmd
2011-01-08 03:27 . 2010-12-08 05:03 1965672 ----a-w- c:\windows\system32\nvapi.dll
2011-01-08 02:06 . 2011-01-08 02:06 580200 ----a-w- c:\windows\system32\easyUpdatusAPIU.dll
2011-01-08 02:06 . 2011-01-08 02:06 3597416 ----a-w- c:\windows\system32\nvcpl.dll
2011-01-08 02:06 . 2011-01-08 02:06 2620520 ----a-w- c:\windows\system32\nvsvc.dll
2011-01-08 02:06 . 2011-01-08 02:06 608872 ----a-w- c:\windows\system32\nvvsvc.exe
2011-01-08 02:06 . 2011-01-08 02:06 111208 ----a-w- c:\windows\system32\nvmctray.dll
2009-08-05 17:48 . 2010-03-06 00:59 378384 ----a-w- c:\program files\Core Temp.exe
2011-03-18 17:53 . 2011-04-03 20:38 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-02-09 07:12 681472 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-02-09 07:12 681472 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-02-09 07:12 681472 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-02-09 07:12 681472 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-02-09 07:12 681472 ----a-w- c:\program files\Zecter\ZumoDrive\ShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]
@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"
[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]
2011-03-23 04:56 319488 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]
@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"
[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]
2011-03-23 04:56 319488 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]
@="{A759AFF6-5851-457D-A540-F4ECED148351}"
[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]
2011-03-23 04:56 319488 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]
@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"
[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]
2011-03-23 04:56 319488 ----a-w- d:\program files\SugarSync\SugarSyncShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Nader\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-01-20 135664]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-03-26 399736]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
"F.lux"="c:\users\Nader\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
"SugarSync"="d:\program files\SugarSync\SugarSyncManager.exe" [2011-03-23 15921152]
"Core Temp"="c:\program files\Core Temp.exe" [2009-08-05 378384]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"openvpn-gui"="d:\program files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe" [2010-03-17 264704]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-06-04 25600]
"DigidesignMMERefresh"="d:\program files\Digidesign\Digidesign\Drivers\MMERefresh.exe" [2010-06-16 77824]
"NetWorx"="d:\program files\NetWorx\networx.exe" [2011-02-15 2771968]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"ISTray"="d:\program files\Spyware Doctor\pctsGui.exe" [2011-01-13 1589208]
"PCTools FGuard"="d:\program files\Spyware Doctor\BDT\FGuard.exe" [2011-01-07 108496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-07-14 8704]
.
c:\users\Nader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
No-IP DUC.lnk - e:\program files\No-IP 2.2.1\DUC20.exe [2010-1-22 1172992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"Start_ShowMyMusic"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "d:\program files\Stardock\Fences\FencesMenu.dll" [2010-06-22 202088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"Midi1"=ma_cmidn.dll
"midi9"=wdmaud.drv
.
R1 SASDIFSV;SASDIFSV;k:\temp\HBCD\SuperAntiSpyware\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;k:\temp\HBCD\SuperAntiSpyware\SASKUTIL.SYS [x]
R2 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2010-09-24 102416]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2009-06-04 171032]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2009-06-04 72728]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;e:\program files\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-03-13 25832]
R3 netr73;ASUS USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792]
R3 SwitchBoard;Adobe SwitchBoard;d:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 VIRUSUSB;USB ASIO driver for Virus TI USB;c:\windows\system32\Drivers\VirusUSB.sys [2010-05-27 389696]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [2009-12-09 48128]
R3 VTIAUDIO;Virus TI Audio;c:\windows\system32\drivers\vtiaudio.sys [2010-05-27 39488]
R3 VTIMIDEV01;Virus TI MIDI Driver;c:\windows\system32\drivers\vtimidi.sys [2009-05-29 56136]
R3 WPFFontCache_v0400;WPFFontCache_v0400;c:\windows\Microsoft.NET\Framework\v4.0.30128\WPF\WPFFontCache_v0400.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-12-10 239168]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2010-07-16 338880]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [2010-07-16 656320]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-11-21 420920]
S1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-02-09 147416]
S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2011-01-27 38976]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2011-03-04 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;d:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2011-01-07 247760]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2010-11-09 21992]
S2 DigiNet;Digidesign Ethernet Support;c:\windows\system32\DRIVERS\diginet.sys [2010-06-16 16400]
S2 MboxAudioDevMon;Mbox Audio Device Monitor;c:\program files\Avid\Mbox\AudioDevMon.exe [2010-10-07 1919504]
S2 MboxMiniAudioDevMon;Mbox Mini Audio Device Monitor;c:\program files\Avid\Mbox Mini\AudioDevMon.exe [2010-05-06 1919504]
S2 MboxProAudioDevMon;Mbox Pro Audio Device Monitor;c:\program files\Avid\Mbox Pro\AudioDevMon.exe [2010-06-11 1919504]
S2 sdAuxService;PC Tools Auxiliary Service;d:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-15 366840]
S2 svn;Subversion Server;c:\program files\subversion\bin\svnserve.exe [2009-10-27 114774]
S2 vmci;VMware vmci;c:\windows\system32\Drivers\vmci.sys [2008-10-29 54960]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2009-06-04 171032]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1324056]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2009-06-04 72728]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
S3 MBOX;Service for Avid Mbox;c:\windows\system32\DRIVERS\AvidMbox.sys [2010-10-07 398224]
S3 MBOXDFU;Service for Avid Mbox DFU;c:\windows\system32\DRIVERS\AvidMbox_DFU.sys [2010-10-07 23312]
S3 RTCore32;RTCore32;d:\program files\EVGA Precision\RTCore32.sys [2005-05-25 4608]
S3 SaiK0CCB;SaiK0CCB;c:\windows\system32\DRIVERS\SaiK0CCB.sys [2010-04-22 138760]
S3 SaiU0CCB;SaiU0CCB;c:\windows\system32\DRIVERS\SaiU0CCB.sys [2010-04-22 35336]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - klmd25
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 13:12]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-21 13:12]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781405395-3741976201-142666947-1000Core.job
- c:\users\Nader\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 02:02]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1781405395-3741976201-142666947-1000UA.job
- c:\users\Nader\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-20 02:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: d:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {D9E50660-92E0-4EAB-A3C1-A6B4A4ADDFF2} = 208.67.220.220,208.67.222.222
TCP: {DA2F44F1-A8B7-40A0-BB2E-2C81F7C2F71F} = 208.67.220.220,208.67.222.222
FF - ProfilePath - c:\users\Nader\AppData\Roaming\Mozilla\Firefox\Profiles\1mpuxu2x.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig
.
.
------- File Associations -------
.
exefile="c:\windows\system32\config\systemprofile\AppData\Local\knp.exe" -a "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{C5994560-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994561-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994562-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994563-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994564-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994565-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994566-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994567-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
ShellIconOverlayIdentifiers-{C5994568-53D9-4125-87C9-F193FC689CB2} - c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
HKLM-Run-SunJavaUpdateSched - c:\program files\Common Files\Java\Java Update\jusched.exe
MSConfigStartUp-openvpn-gui - e:\program files\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
AddRemove-Addictive Drums - c:\windows\unvise32.exe
AddRemove-Adobe AIR - c:\program files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe
AddRemove-Microsoft Document Explorer 2008 - c:\program files\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
AddRemove-Microsoft Visual Studio 2005 Tools for Office Runtime - c:\program files\Common Files\Microsoft Shared\VSTO\8.0\Microsoft Visual Studio 2005 Tools for Office Runtime\install.exe
AddRemove-Microsoft Visual Studio 2010 Tools for Office Runtime (x86) - c:\program files\Common Files\Microsoft Shared\VSTO\10.0\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)\install.exe
AddRemove-Silver Efex Pro - c:\program files\Adobe\Adobe Photoshop CS4\Plug-ins\Nik Software\Silver Efex Pro\Uninstall.exe
AddRemove-StarCraft II - c:\program files\Common Files\Blizzard Entertainment\StarCraft II\Uninstall.exe
AddRemove-VisualWebDeveloper - c:\program files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe
.
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7600 Disk: OCZ-VERT rev.1.4_ -> Harddisk1\DR1 -> \Device\00000085
.
device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user != kernel MBR !!!
sectors 62533294 (+255): user != kernel
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-07 09:45:21
ComboFix-quarantined-files.txt 2011-04-07 13:45
.
Pre-Run: 1,522,733,056 bytes free
Post-Run: 1,419,739,136 bytes free
.
- - End Of File - - 0F69B6B224C3B752D4498D4337F2CACA
 
How is redirection?

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.
 
I will test it out tonight when I get home and I will post the results of MBRCheck. Thanks a lot for your help! I appreciate it.
 
Seems Fixed

Hi Broni,

Looks like the redirection issue is fixed from what I can tell - Thanks a bunch!!

The computer hangs when I run MBRCheck, even in safe mode (no bsod, it just hangs). Here's the partial log that it generated:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: EVGA
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: EVGA
System Product Name: 132-CK-NF78
Logical Drives Mask: 0x000005fc

Kernel Drivers (total 143):
0x82616000 \SystemRoot\system32\ntkrnlpa.exe
0x82A26000 \SystemRoot\system32\halmacpi.dll
0x80BCC000 \SystemRoot\system32\kdcom.dll
0x8A224000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8A29C000 \SystemRoot\system32\PSHED.dll
0x8A2AD000 \SystemRoot\system32\BOOTVID.dll
0x8A2B5000 \SystemRoot\system32\CLFS.SYS
0x8A2F7000 \SystemRoot\system32\CI.dll
0x8A419000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8A48A000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8A5A4000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8A5AD000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8A3A2000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8A61B000 \SystemRoot\system32\drivers\fltmgr.sys
0x8A64F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8A657000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8A662000 \SystemRoot\system32\DRIVERS\pci.sys
0x8A68C000 \SystemRoot\System32\drivers\partmgr.sys
0x8A69D000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8A6AD000 \SystemRoot\System32\drivers\volmgrx.sys
0x8A6F8000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8A6FF000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8A70D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8A723000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8A72C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8A74F000 \SystemRoot\system32\DRIVERS\nvstor.sys
0x8A774000 \SystemRoot\system32\DRIVERS\storport.sys
0x8A7BB000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8A7C4000 \SystemRoot\system32\drivers\fileinfo.sys
0x8A802000 \SystemRoot\system32\drivers\PCTCore.sys
0x8A83F000 \SystemRoot\system32\drivers\pctDS.sys
0x8A896000 \SystemRoot\system32\drivers\pctEFA.sys
0x8A93B000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8A945000 \SystemRoot\System32\Drivers\TPkd.sys
0x8AA38000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AB67000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AB92000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8A963000 \SystemRoot\System32\Drivers\cng.sys
0x8ABA5000 \SystemRoot\System32\drivers\pcw.sys
0x8ABB3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8AC02000 \SystemRoot\system32\drivers\ndis.sys
0x8ACB9000 \SystemRoot\system32\drivers\NETIO.SYS
0x8ACF7000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8AE2E000 \SystemRoot\System32\drivers\tcpip.sys
0x8AF77000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8AFA8000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8AFB1000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8AE00000 \SystemRoot\System32\drivers\rdyboost.sys
0x8AD1C000 \SystemRoot\System32\Drivers\mup.sys
0x8AFF8000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8AD2C000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8AD5E000 \SystemRoot\system32\DRIVERS\disk.sys
0x8AD6F000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8AFF0000 \SystemRoot\System32\Drivers\Null.SYS
0x8ADE1000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ADE8000 \SystemRoot\System32\drivers\vga.sys
0x8ABBC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ABDD000 \SystemRoot\System32\drivers\watchdog.sys
0x8ADF4000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ABEA000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8AA00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8AA1F000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8A9C0000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8AA2A000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8ABF8000 \??\C:\Windows\system32\drivers\VMkbd.sys
0x8A9D8000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A498000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8A9E2000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A7D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8A9F1000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8A4E3000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x8A600000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x8A60E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x8A7F4000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8A50F000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x8A519000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8A529000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8A536000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x8AC00000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8A553000 \SystemRoot\system32\DRIVERS\ks.sys
0x8A587000 \SystemRoot\system32\DRIVERS\umbus.sys
0x98828000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9886C000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x98876000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9887D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x98888000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x9889B000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x9889D000 \SystemRoot\system32\DRIVERS\SaiU0CCB.sys
0x81B30000 \SystemRoot\System32\win32k.sys
0x988A4000 \SystemRoot\System32\drivers\Dxapi.sys
0x988AE000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x81D80000 \SystemRoot\System32\drivers\dxg.sys
0x988C5000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x81DB0000 \SystemRoot\System32\TSDDD.dll
0x988D0000 \SystemRoot\system32\DRIVERS\SaiK0CCB.sys
0x988F5000 \SystemRoot\system32\DRIVERS\AvidMbox_DFU.sys
0x81A30000 \SystemRoot\System32\framebuf.dll
0x81A40000 \SystemRoot\System32\ATMFD.DLL
0x988FA000 \SystemRoot\system32\drivers\WudfPf.sys
0x98914000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9892A000 \SystemRoot\System32\Drivers\crashdmp.sys
0x98937000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x98941000 \SystemRoot\System32\Drivers\dump_nvstor.sys
0x98966000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x776E0000 \Windows\System32\ntdll.dll
0x47780000 \Windows\System32\smss.exe
0x77920000 \Windows\System32\apisetschema.dll
0x00B70000 \Windows\System32\autochk.exe
0x778D0000 \Windows\System32\ws2_32.dll
0x77610000 \Windows\System32\msctf.dll
0x77880000 \Windows\System32\gdi32.dll
0x774D0000 \Windows\System32\urlmon.dll
0x77820000 \Windows\System32\difxapi.dll
0x77480000 \Windows\System32\Wldap32.dll
0x77450000 \Windows\System32\imagehlp.dll
0x77250000 \Windows\System32\iertutil.dll
0x77240000 \Windows\System32\lpk.dll
0x770E0000 \Windows\System32\ole32.dll
0x77060000 \Windows\System32\comdlg32.dll
0x76F90000 \Windows\System32\user32.dll
0x76EB0000 \Windows\System32\kernel32.dll
0x76EA0000 \Windows\System32\normaliz.dll
0x76250000 \Windows\System32\shell32.dll
0x76230000 \Windows\System32\sechost.dll
0x76130000 \Windows\System32\wininet.dll
0x76120000 \Windows\System32\psapi.dll
0x75F80000 \Windows\System32\setupapi.dll
0x75F20000 \Windows\System32\shlwapi.dll
0x75E90000 \Windows\System32\oleaut32.dll
0x75E80000 \Windows\System32\nsi.dll
0x75DE0000 \Windows\System32\usp10.dll
0x75D30000 \Windows\System32\msvcrt.dll
0x75C80000 \Windows\System32\rpcrt4.dll
0x75BE0000 \Windows\System32\advapi32.dll
0x75BC0000 \Windows\System32\imm32.dll
0x75B30000 \Windows\System32\clbcatq.dll
0x75B00000 \Windows\System32\wintrust.dll
0x75AE0000 \Windows\System32\devobj.dll
0x759C0000 \Windows\System32\crypt32.dll
0x75930000 \Windows\System32\comctl32.dll
0x75900000 \Windows\System32\cfgmgr32.dll
0x758B0000 \Windows\System32\KernelBase.dll
0x758A0000 \Windows\System32\msasn1.dll

Processes (total 21):
0 System Idle Process
4 System
280 C:\Windows\System32\smss.exe
372 csrss.exe
408 C:\Windows\System32\wininit.exe
420 csrss.exe
464 C:\Windows\System32\services.exe
472 C:\Windows\System32\lsass.exe
480 C:\Windows\System32\lsm.exe
540 C:\Windows\System32\winlogon.exe
628 C:\Windows\System32\svchost.exe
704 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\svchost.exe
856 C:\Windows\System32\svchost.exe
896 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\svchost.exe
1244 C:\Windows\explorer.exe
1316 C:\Windows\System32\ctfmon.exe
1620 C:\Windows\System32\dllhost.exe
1668 E:\Downloads\MBRCheck.exe
1676 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`06500000 (NTFS)
\\.\D: --> \\.\PhysicalDrive3 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive4 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive3 at offset 0x000000dc`abd00000 (NTFS)
\\.\H: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\K: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: OCZ-VERTEX, Rev: 1.4
PhysicalDrive3 Model Number: WDC WD1001FALS-00J7B, Rev: 05.0
PhysicalDrive4 Model Number: WDC WD7500AAKS-00RBA, Rev: 30.0
PhysicalDrive2 Model Number: WDC WD1001FALS-00J7B, Rev: 05.0
PhysicalDrive0 Model Number: WDC WD20EADS-00S2B0, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
29 GB \\.\PhysicalDrive1




Log ends here. Not sure why the computer hangs. If you've got an idea, let me know.
In any case, thanks again for your help!

Stat1
 
Good news :)

Download Bootkit Remover to your Desktop.

  • You then need to extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. If you don't have an extraction program, you can use 7-Zip: http://www.7-zip.org/
  • After extracting remover.exe to your Desktop, double-click on remover.exe to run the program (Vista/7 users, right click on remover.exe and click Run As Administrator).
  • It will show a Black screen with some data on it.
  • Right click on the screen and click Select All.
  • Press CTRL+C
  • Open a Notepad and press CTRL+V
  • Post the output back here.
 