#1 April 14th, 2010, 01:46 PM
swarun (Member; Join Date: Aug 2004; Location: India; Age: 43; Posts: 42)
Is this a VIRUS Infection?

Hi All,

I run Windows 7 Ultimate 32-bit on my PC.

I am the only user on this PC (no other user or guest accounts are active).

My system slowed down drastically today and I think there is an infection.

When I open a Chrome browser window, it opens around 10-12 processes.

There are about 8-10 processes of SVCHOST.exe.

I don't understand why this is happening, but it feels like an infection.

I use ESET Smart Security 4.0.474.0 (fully updated). When I tried to run a system scan, it did not progress and stayed at 0% for 15 minutes.

I also have an up-to-date operating system.

I tried to produce a report with HijackThis, but the log file is not generated and it comes out with an error.

Can someone please help me with this?

It would have been good if you could see a screenshot, but unfortunately I don't know how to attach one.

Thanks in advance
#2 April 14th, 2010, 09:52 PM
AnnMarie (CTH Subscriber; Join Date: Oct 2001; O/S: Windows Vista 32-bit; Location: New Zealand; Posts: 59,810)
Hi swarun. A screenshot won't help, and it's perfectly normal to see multiple instances of SVCHOST.exe.

If the problem is malware related, I should be able to see some evidence of this in your startups. Go here and download DDS to your Desktop and double-click on DDS to run it. When the scan has finished, two logs will open. Copy and paste both reports in this topic. The logs will be reasonably large, so you may have to divide them into sections and make several posts to post them.
#3 April 16th, 2010, 02:34 PM
swarun (Member; Join Date: Aug 2004; Location: India; Age: 43; Posts: 42)
DDS.txt File

Dear AnnMarie,

Thanks a lot for the reply and your willingness to look into this matter.

I ran the file and got 2 .txt files as you instructed.

Here is the copy of the DDS.txt file. I will post the "Attach.txt" file in a new reply.

DDS.txt

DDS (Ver_10-03-17.01) - NTFSx86
Run by Rashmi at 14:24:26.85 on 16/04/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.2037.921 [GMT 1:00]

SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Virgin Media\HUB\ServicepointService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Virgin Media\HUB\VirginMediaHUB.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Rising\AntiSpyware\RSTray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Innovative Solutions\DriverMax\devices.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Rashmi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Rashmi\Desktop\Chrome Downloads\dds.scr
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Rising PC Doctor: {98b7c13a-e9cd-4959-8b46-fbeab41e42a8} - c:\windows\system32\UrlFilter.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {56CF4856-ECB4-4E46-A897-A378821F97B9} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [DriverMax] "c:\program files\innovative solutions\drivermax\devices.exe" -agent
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [VirginMediaHUB.exe] "c:\program files\virgin media\hub\VirginMediaHUB.exe" /AUTORUN
mRun: [SAP_WUS_UNT] "c:\program files\sap\sapsetup\setup\updater\NwSapSetupUserNotificationTool.exe"
mRun: [runeip] "c:\program files\rising\antispyware\rstray.exe" /startup
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: saphtmlp - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: sapr3 - {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files\sap\frontend\sapgui\SAPHTMLP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: kmon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2010-3-23 58984]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-23 125160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2010-2-10 87968]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-11-16 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-12-18 38240]
R2 NWSAPAutoWorkstationUpdateSvc;SAPSetup Automatic Workstation Update Service;c:\program files\sap\sapsetup\setup\updater\NwSapAutoWorkstationUpdateService.exe [2010-3-22 185712]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-23 779496]
R2 ServicepointService;ServicepointService;c:\program files\virgin media\hub\ServicepointService.exe [2010-2-22 668912]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-2-11 172328]
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-2-17 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-04-15 08:23:39 0 d-----w- c:\programdata\Rising
2010-04-15 08:23:36 96880 ------w- c:\windows\system32\KakaTool.dll
2010-04-15 08:23:36 637592 ------w- c:\windows\system32\kmon.dll
2010-04-15 08:23:36 15776 ------w- c:\windows\system32\kknative.exe
2010-04-15 08:23:36 100976 ------w- c:\windows\system32\UrlFilter.dll
2010-04-15 08:22:45 0 d-----w- c:\program files\Rising
2010-04-14 12:19:48 0 d-----w- c:\program files\CCleaner
2010-04-14 12:03:51 551456 ----a-w- c:\windows\system32\RTSndMgr.cpl
2010-04-14 12:03:48 3041568 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-04-14 12:03:48 1749536 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-04-14 12:03:47 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-04-14 12:03:47 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-04-14 12:03:47 2649120 ----a-w- c:\windows\system32\RtkAPO.dll
2010-04-14 12:03:42 307616 ----a-w- c:\windows\system32\FMAPO.dll
2010-04-14 08:54:39 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-04-14 08:54:37 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 08:54:37 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 08:54:37 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-04-14 08:54:32 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-04-14 08:54:31 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-04-14 08:36:03 132608 ----a-w- c:\windows\system32\cabview.dll
2010-04-14 08:36:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-04-01 16:08:07 0 d-----w- c:\programdata\Driving Test Success
2010-04-01 16:08:07 0 d-----w- c:\program files\Driving Test Success - All Tests (2009-2010)
2010-04-01 15:06:55 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-04-01 15:06:47 0 d-----w- c:\users\rashmi\appdata\roaming\SUPERAntiSpyware.com
2010-04-01 15:06:47 0 d-----w- c:\program files\SUPERAntiSpyware
2010-04-01 15:06:04 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-03-31 08:59:58 977920 ----a-w- c:\windows\system32\wininet.dll
2010-03-29 15:15:42 0 ----a-w- C:\m23apdfj.tmp.X
2010-03-29 15:13:21 0 d-----w- c:\users\rashmi\appdata\roaming\Nuance
2010-03-29 14:36:07 0 d-----w- c:\users\rashmi\appdata\roaming\0AF7F9FB6BFAB643C5BB69DE81D064EC
2010-03-29 14:04:39 0 d-----w- C:\pdf995
2010-03-25 14:29:42 0 d-----w- c:\program files\Your Uninstaller 2010
2010-03-25 07:09:37 0 d-----w- c:\users\rashmi\appdata\roaming\FairStars Recorder
2010-03-25 07:08:43 0 d-----w- c:\program files\FairStars Recorder
2010-03-22 14:34:26 0 d-----w- c:\program files\Driving Theory Test Professional
2010-03-22 12:23:21 3125248 ----a-w- c:\program files\common files\sapxlhelper.dll
2010-03-22 12:23:21 192512 ----a-w- c:\program files\common files\sapconsr3.dll
2010-03-22 12:23:20 626688 ----a-w- c:\program files\common files\sapconsaccess.dll
2010-03-22 12:22:32 0 d-----w- c:\program files\common files\ESRI
2010-03-22 12:22:31 1228800 ----a-w- c:\windows\system32\wdba.dll
2010-03-22 12:21:13 0 d-----w- c:\program files\common files\SAP Shared
2010-03-22 12:20:59 203976 ----a-w- c:\windows\system32\richtx32.ocx
2010-03-22 12:20:59 164144 ----a-w- c:\windows\system32\comct232.ocx
2010-03-22 12:20:59 153600 ----a-w- c:\windows\system32\tlbinf32.dll
2010-03-22 12:20:58 94744 ----a-w- c:\windows\system32\grid32.ocx
2010-03-22 12:20:58 1355776 ----a-w- c:\windows\system32\msvbvm50.dll
2010-03-22 12:20:56 3768320 ----a-w- c:\windows\system32\librfc32.dll
2010-03-22 12:16:26 0 d-----w- c:\program files\SAP
2010-03-22 10:25:55 0 d-----w- c:\program files\Bonjour
2010-03-19 15:09:21 0 d-----w- c:\windows\Profiles
2010-03-19 15:09:20 0 d-----w- c:\users\rashmi\appdata\roaming\URSoft
2010-03-19 15:09:19 0 d---a-w- c:\programdata\TEMP
2010-03-19 14:26:01 32768 ----a-w- c:\windows\system32\REGTOOL5.DLL

==================== Find3M ====================

2010-03-03 12:01:52 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-24 10:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 12:17:58 56 ---ha-w- c:\programdata\ezsidmv.dat
2010-02-17 12:42:20 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-12 11:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 11:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 07:10:14 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-02-10 17:18:34 76118 ----a-w- c:\windows\Huawei ModemsUninstall.exe
2010-02-02 07:45:54 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-26 11:38:24 145760 ----a-w- c:\windows\system32\AERTACap.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-18 23:29:31 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-18 23:29:31 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-18 23:29:30 369152 ----a-w- c:\windows\system32\secproc.dll
2010-01-18 23:28:33 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-18 23:28:33 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-18 23:28:30 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-18 23:28:30 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-17 23:17:02 37140 ----a-w- c:\windows\fonts\CaviarDreams_BoldItalic.ttf
2010-01-17 23:15:42 36212 ----a-w- c:\windows\fonts\CaviarDreams.ttf
2010-01-17 23:14:52 35220 ----a-w- c:\windows\fonts\CaviarDreams_Bold.ttf
2010-01-17 21:32:42 40148 ----a-w- c:\windows\fonts\CaviarDreamsItalic.ttf
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2007-12-11 09:55:14 40960 ----a-w- c:\program files\common files\DigitalSignature.ocx
2007-12-11 09:55:14 1229312 ----a-w- c:\program files\common files\SAPActiveXL_nosig.xlt
2007-12-11 09:55:14 1167872 ----a-w- c:\program files\common files\SAPActiveXL.xlt
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 14:24:59.95 ===============
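A small triage helper for a DDS.txt like the one above, added here as an example (it is not part of DDS and was not posted by anyone in this thread): it parses the "===== Section =====" layout, counts svchost.exe instances per -k service group (AnnMarie's point that many instances are normal; what matters is the image path and the group), flags any svchost image that is not the System32 binary or was started without a service group, and pairs each AppInit_DLLs entry with a same-named file in the Created Last 30 list so a reviewer knows which new module to look at first. The excerpt it runs on is constructed from lines of the log above plus one deliberately made-up out-of-place svchost entry.

```python
import re
from collections import defaultdict

# Constructed excerpt: lines copied from the DDS.txt above plus ONE made-up entry
# (svchost.exe under a user Temp folder) so the path check has something to flag.
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Users\Rashmi\AppData\Local\Temp\svchost.exe

============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
BHO: Rising PC Doctor: {98b7c13a-e9cd-4959-8b46-fbeab41e42a8} - c:\windows\system32\UrlFilter.dll
AppInit_DLLs: kmon.dll

=============== Created Last 30 ================
2010-04-15 08:23:39 0 d-----w- c:\programdata\Rising
2010-04-15 08:23:36 637592 ------w- c:\windows\system32\kmon.dll

==================== Find3M ====================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
SVCHOST_RE = re.compile(r"^(?P<image>.*?\\svchost\.exe)(?:\s+-k\s+(?P<group>\S+))?\s*$", re.IGNORECASE)
LEGIT_SVCHOST_RE = re.compile(r"^[a-z]:\\windows\\(system32|syswow64)\\svchost\.exe$", re.IGNORECASE)
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+)\s+(\S+)\s+(.+)$")


def split_sections(text):
    """Map each '===== Name =====' header to the non-blank lines beneath it."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            current = m.group(1)
        elif current and line.strip():
            sections[current].append(line.rstrip())
    return sections


def svchost_summary(process_lines):
    """Count svchost.exe per -k group; flag images that are not the System32 binary
    or were started without a service group (a bare svchost.exe is never normal)."""
    groups, flagged = defaultdict(int), []
    for line in process_lines:
        m = SVCHOST_RE.match(line)
        if not m:
            continue
        image, group = m.group("image"), m.group("group")
        groups[group or "<no -k group>"] += 1
        reasons = []
        if not LEGIT_SVCHOST_RE.match(image):
            reasons.append("image is not the System32 svchost.exe")
        if group is None:
            reasons.append("started without a -k service group")
        if reasons:
            flagged.append((image, reasons))
    return dict(groups), flagged


def recent_files(created_lines):
    """Parse 'YYYY-MM-DD HH:MM:SS size attrs path' rows of the Created Last 30 section."""
    rows = []
    for line in created_lines:
        m = CREATED_RE.match(line)
        if m:
            rows.append({"when": m.group(1), "size": int(m.group(2)), "attrs": m.group(3), "path": m.group(4)})
    return rows


def appinit_review(hjt_lines, created_lines):
    """Pair every AppInit_DLLs module with a same-named recently created file.
    AppInit_DLLs load into every process that links user32.dll, so a freshly dropped
    module there is checked first; a match is a pointer for review, not a verdict
    (in the log above the same minute also installs Rising PC Doctor)."""
    by_name = {r["path"].rsplit("\\", 1)[-1].lower(): r for r in recent_files(created_lines)}
    result = []
    for line in hjt_lines:
        if line.lower().startswith("appinit_dlls:"):
            for dll in re.split(r"[ ,;]+", line.split(":", 1)[1].strip()):
                if dll:
                    result.append((dll, by_name.get(dll.rsplit("\\", 1)[-1].lower())))
    return result


def triage(text):
    s = split_sections(text)
    groups, flagged = svchost_summary(s.get("Running Processes", []))
    return {"svchost_groups": groups, "svchost_flagged": flagged,
            "appinit": appinit_review(s.get("Pseudo HJT Report", []), s.get("Created Last 30", []))}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, value)
```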
#4 April 16th, 2010, 02:38 PM
swarun (Member; Join Date: Aug 2004; Location: India; Age: 43; Posts: 42)
Attach.txt

Dear AnnMarie,

Please find a copy of the "attach.txt" file.

Thanks again for the time and effort to look into this. I appreciate it.

Regards,
Swarun

____________________________________________________
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/02/2010 16:46:15
System Uptime: 16/04/2010 13:22:50 (1 hours ago)

Motherboard: Dell Inc. | | 0RY007
Processor: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz | Socket 775 | 2200/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 59 GiB total, 16.699 GiB free.
D: is FIXED (NTFS) - 39 GiB total, 30.046 GiB free.
E: is FIXED (NTFS) - 30 GiB total, 30.243 GiB free.
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable
K: is CDROM ()
L: is FIXED (NTFS) - 105 GiB total, 16.899 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP122: 15/04/2010 22:28:01 - Windows Update

==== Installed Programs ======================

7-Zip 9.10 beta
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Camtasia Studio 6
DivX Plus Web Player
DriverMax 5
Driving Test Success - All Tests (2009-2010)
Driving Theory Test Professional v2.1.0.0
ESET Smart Security
FairStars Recorder 3.32
Google Chrome
Google Talk (remove only)
Huawei modem
ImgBurn
Intel(R) TV Wizard
iTunes
Java(TM) 6 Update 15
JDownloader
Junk Mail filter update
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook Gadgets for Windows SideShow
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft redistributable runtime DLLs VS2005 SP1(x86)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
QuickTime
Rapport
Realtek High Definition Audio Driver
Rising PC Doctor
SAP Business Explorer
SAP GUI 7.10
SAPSetup Automatic Workstation Update Service
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Skype™ Beta 4.2
SUPERAntiSpyware Professional
Tansee iPod Transfer v5.0
TeamViewer 5
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb981433)
VC80CRTRedist - 8.0.50727.4053
Veoh Web Player
Virgin Media HUB 3.5.12
VLC media player 1.0.5
WebEx Recorder and Player
Win7codecs
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Mobile Device Center
WinRAR archiver
Yahoo! Messenger
Your Uninstaller! 2010

==== Event Viewer Messages From Past Week ========

16/04/2010 09:45:21, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
15/04/2010 12:28:08, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
15/04/2010 09:57:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
15/04/2010 09:57:18, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
15/04/2010 09:46:36, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
15/04/2010 09:46:06, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.
15/04/2010 09:45:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
15/04/2010 08:44:33, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.
15/04/2010 03:23:52, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
14/04/2010 21:45:33, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
14/04/2010 21:45:33, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
09/04/2010 00:52:52, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The security account manager (SAM) or local security authority (LSA) server was in the wrong state to perform the security operation. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
09/04/2010 00:52:52, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
09/04/2010 00:52:52, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

==== End Of File ===========================
#5 April 17th, 2010, 12:08 AM
AnnMarie (CTH Subscriber; Join Date: Oct 2001; O/S: Windows Vista 32-bit; Location: New Zealand; Posts: 59,810)
pcs365_1, I have removed your email address from your posts. Please do not post it again or I might suspect you are spamming our board and take appropriate measures.

swarun, I would like to see one more log please.

Download the latest version of Gmer (Download EXE) from here to your Desktop.

When you have done this, close all running programs including those in your notification area (bottom right-hand corner of your screen) and double-click on Gmer.exe to run it. Click on the Rootkit/Malware tab and look at the right-hand side (under Files) and uncheck all drives with the exception of your C drive and then click on Scan (before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan). When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Save the file and copy the information and post it here please.

Warning! Please do not select the "Show all" checkbox during the scan.
#6 April 17th, 2010, 07:51 PM
swarun (Member; Join Date: Aug 2004; Location: India; Age: 43; Posts: 42)
GMER log PART-1

Hi AnnMarie,

Here is a copy of the GMER log.

I am dividing it into multiple parts.

Thanks again.

GMER log PART-1

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-04-17 19:37:54
Windows 6.1.7600
Running: sj922np1.exe; Driver: C:\Users\Rashmi\AppData\Local\Temp\kwtdakog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwAssignProcessToJobObject [0x8ED81D92]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwCreateFile [0x8ED8249E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteFile [0x8ED825EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteKey [0x8ED85D58]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwDeleteValueKey [0x8ED85D8A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenFile [0x8ED8254E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenProcess [0x8ED81ED6]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwOpenThread [0x8ED820C8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwProtectVirtualMemory [0x8ED821FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwQueryValueKey [0x8ED85E62]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRenameKey [0x8ED85DCC]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwReplaceKey [0x8ED85DFE]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwRestoreKey [0x8ED85E30]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetContextThread [0x8ED81D40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetInformationFile [0x8ED8264A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSetValueKey [0x8ED85CF0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwSuspendThread [0x8ED81CE4]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateProcess [0x8ED81C40]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys ZwTerminateThread [0x8ED81C88]

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83820634
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83820898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83838F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 838391A8
  #7  
Old April 18th, 2010, 12:16 AM
AnnMarie AnnMarie is offline
CTH Subscriber
 
Join Date: Oct 2001
O/S: Windows Vista 32-bit
Location: New Zealand
Posts: 59,810
Don't forget to post the rest of the log, swarun.
  #8  
Old April 18th, 2010, 09:00 AM
swarun swarun is offline
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-2

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83451599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 83475F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 29C 8347D7AC 4 Bytes [92, 1D, D8, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 2F8 8347D808 4 Bytes [9E, 24, D8, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 388 8347D898 8 Bytes JMP 588ED825
.text ntkrnlpa.exe!RtlSidHashLookup + 398 8347D8A8 4 Bytes [8A, 5D, D8, 8E]
.text ntkrnlpa.exe!RtlSidHashLookup + 4BC 8347D9CC 4 Bytes [4E, 25, D8, 8E]
.text ...
? System32\Drivers\spcp.sys The system cannot find the path specified. !
.text tcpip.sys 89910400 5 Bytes CALL 8990B75D \SystemRoot\System32\drivers\tcpip.sys (TCP/IP Driver/Microsoft Corporation)
.text tcpip.sys 89910406 10 Bytes [C0, 0F, 84, CF, 00, 00, 00, ...]
.text tcpip.sys 89910411 16 Bytes [02, 00, 00, 75, 0E, 56, E8, ...]
.text tcpip.sys 89910422 56 Bytes [00, 00, 83, 7E, 08, 06, 75, ...]
.text tcpip.sys 8991045B 122 Bytes [3A, 75, 11, 8B, 4D, 38, 66, ...]
.text ...
.text USBPORT.SYS!DllUnload 8F58CCA0 5 Bytes JMP 86B6D1D8
.text a0hio71x.SYS 962A0000 12 Bytes [44, 38, 82, 83, EE, 36, 82, ...]
.text a0hio71x.SYS 962A000D 9 Bytes [17, 82, 83, 48, 3B, 82, 83, ...]
.text a0hio71x.SYS 962A0017 170 Bytes [00, DE, 07, 3A, 89, E6, 05, ...]
.text a0hio71x.SYS 962A00C3 8 Bytes [00, 00, 00, 00, 00, 00, 00, ...] {ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL}
.text a0hio71x.SYS 962A00CE 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text ...
.text peauth.sys 9861DC9D 28 Bytes [0F, 9F, 1B, 28, 5B, B4, CD, ...]
.text peauth.sys 9861DCC1 28 Bytes [0F, 9F, 1B, 28, 5B, B4, CD, ...]
.text shell32.dll!StrChrW + F528 7638F200 43 Bytes [85, 1A, D4, F5, FF, 8B, 4D, ...]
.text shell32.dll!StrChrW + F57F 7638F257 4 Bytes [0F, 85, 13, 04]
.text shell32.dll!StrChrW + F585 7638F25D 51 Bytes [8B, 06, FF, 50, 38, FF, 75, ...]
.text shell32.dll!DAD_DragEnterEx + 5 7638F291 36 Bytes [00, 90, 90, 90, 90, 90, 8B, ...]
.text shell32.dll!DAD_DragEnterEx + 2A 7638F2B6 58 Bytes [45, 14, 8B, 55, 08, 53, 8B, ...]
.text shell32.dll!DAD_DragEnterEx + 65 7638F2F1 34 Bytes [C8, 0F, 84, 22, B8, FE, FF, ...]
.text shell32.dll!DAD_DragEnterEx + 88 7638F314 1 Byte [50]
.text shell32.dll!DAD_DragEnterEx + 88 7638F314 91 Bytes [50, 8B, 01, 68, 58, B4, 2C, ...]
.text ...
.text shell32.dll!Shell_GetImageLists + 18 7639192E 52 Bytes CALL 762A1CA9 \Windows\System32\shell32.dll (Windows Shell Common Dll/Microsoft Corporation)
.text shell32.dll!Shell_GetImageLists + 4D 76391963 2 Bytes [FF, 55]
.text shell32.dll!Shell_GetImageLists + 50 76391966 74 Bytes [EC, 83, EC, 0C, A1, AC, 9F, ...]
.text shell32.dll!Shell_GetImageLists + 9E 763919B4 15 Bytes [90, 8B, FF, 55, 8B, EC, 56, ...]
.text shell32.dll!Shell_GetImageLists + AE 763919C4 47 Bytes [14, 50, 68, B4, 16, 2D, 76, ...]
.text ...
.text shell32.dll!SHMapPIDLToSystemImageListIndex + 1A 76392315 68 Bytes [7D, 0C, 85, C0, 0F, 85, 15, ...]
.text shell32.dll!SHMapPIDLToSystemImageListIndex + 70 7639236B 4 Bytes [8B, FF, 53, 56] {MOV EDI, EDI; PUSH EBX; PUSH ESI}
.text shell32.dll!SHMapPIDLToSystemImageListIndex + 75 76392370 124 Bytes [F1, 8D, 5E, 30, 8B, 03, F7, ...]
.text shell32.dll!SHMapPIDLToSystemImageListIndex + F2 763923ED 31 Bytes [44, F7, D8, 1B, C0, 25, FB, ...]
.text shell32.dll!SHMapPIDLToSystemImageListIndex + 112 7639240D 21 Bytes [75, 08, 89, 46, 18, 8B, 45, ...]
.text ...
.text shell32.dll!SignalFileOpen + 36 763946DC 76 Bytes [15, 40, 1C, 23, 76, 39, 5D, ...]
.text shell32.dll!SignalFileOpen + 83 76394729 64 Bytes [75, F8, 57, FF, 15, BC, 18, ...]
.text shell32.dll!SignalFileOpen + C4 7639476A 81 Bytes [6C, 00, 65, 00, 4F, 00, 70, ...]
.text shell32.dll!SignalFileOpen + 116 763947BC 2 Bytes [F4, FF]
.text shell32.dll!SignalFileOpen + 119 763947BF 3 Bytes [C0, 7C, 5B]
.text ...
.text shell32.dll!SHGetTemporaryPropertyForItem + 19 763BF2DE 41 Bytes [5D, 10, 56, 57, 8B, 7D, 0C, ...]
.text shell32.dll!SHGetTemporaryPropertyForItem + 43 763BF308 22 Bytes [FF, 51, 20, 8B, F0, 85, F6, ...]
.text shell32.dll!SHGetTemporaryPropertyForItem + 5A 763BF31F 123 Bytes [45, F8, 8B, 08, 50, FF, 51, ...]
.text shell32.dll!SHGetTemporaryPropertyForItem + D6 763BF39B 4 Bytes [00, 69, 00, 62]
.text shell32.dll!SHGetTemporaryPropertyForItem + DB 763BF3A0 65 Bytes [6C, 00, 65, 00, 00, 00, 90, ...]
.text ...
.text shell32.dll!SHCreateDataObject + B6 763C28B2 27 Bytes [C0, 8D, 43, EC, 83, C3, 08, ...]
.text shell32.dll!SHCreateDataObject + D2 763C28CE 40 Bytes [45, E4, FF, 75, BC, 89, 45, ...]
.text shell32.dll!SHCreateDataObject + FB 763C28F7 107 Bytes [FF, FF, 83, FA, 0C, 0F, 84, ...]
.text shell32.dll!SHCreateDataObject + 167 763C2963 101 Bytes [0F, B7, 05, 8C, B0, 5F, 76, ...]
.text shell32.dll!SHCreateDataObject + 1CD 763C29C9 93 Bytes [15, 10, 13, 23, 76, 8B, F0, ...]
.text ...
.text shell32.dll!SHGetAttributesFromDataObject + 92 763C3580 84 Bytes [FF, 51, 1C, 8B, 45, F8, 8B, ...]
.text shell32.dll!SHGetAttributesFromDataObject + E7 763C35D5 26 Bytes CALL 1625030D
.text shell32.dll!SHGetAttributesFromDataObject + 102 763C35F0 37 Bytes [FF, FF, EB, C4, 85, C0, 7D, ...]
.text shell32.dll!SHGetAttributesFromDataObject + 128 763C3616 3 Bytes [74, 00, 41] {JZ 0x2; INC ECX}
.text shell32.dll!SHGetAttributesFromDataObject + 12C 763C361A 1 Byte [74]
.text ...
.text user32.dll!InitializeLpkHooks + D6C 75DA0A00 37 Bytes [75, FF, D6, A1, F4, 90, DE, ...]
.text user32.dll!InitializeLpkHooks + D92 75DA0A26 16 Bytes [FF, 35, 10, 91, DE, 75, FF, ...]
.text user32.dll!InitializeLpkHooks + DA3 75DA0A37 166 Bytes [FF, 35, 10, 91, DE, 75, FF, ...]
.text user32.dll!User32InitializeImmEntryTable + 66 75DA0ADE 37 Bytes [8D, 85, F4, FD, FF, FF, 50, ...]
.text user32.dll!SetProcessDPIAware + 3 75DA0B04 1 Byte [00]
.text user32.dll!SetProcessDPIAware + 3 75DA0B04 19 Bytes [00, 00, A2, 80, 90, DE, 75, ...]
.text user32.dll!SetProcessDPIAware + 17 75DA0B18 64 Bytes [00, BA, 00, 03, FE, 7F, FF, ...]
.text user32.dll!SetProcessDPIAware + 58 75DA0B59 47 Bytes [7C, 15, 8B, 45, F4, 6B, C0, ...]
.text user32.dll!SetProcessDPIAware + 8A 75DA0B8B 4 Bytes [C3, 83, 7D, 0C]
.text ...
.text user32.dll!CharUpperW + 11 75DA0C83 2 Bytes [F7, C6]
.text user32.dll!CharUpperW + 15 75DA0C87 6 Bytes [FF, FF, 0F, 85, 2A, 01]
.text user32.dll!CharUpperW + 1D 75DA0C8F 32 Bytes [6A, 01, 8D, 45, 08, 50, 6A, ...]
.text user32.dll!CharUpperW + 3E 75DA0CB0 72 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text user32.dll!MBToWCSEx + 44 75DA0CF9 32 Bytes [8B, 75, 14, 0F, 85, F4, D7, ...]
.text user32.dll!MBToWCSEx + 65 75DA0D1A 27 Bytes [57, FF, 75, 0C, 8D, 45, 10, ...]
.text user32.dll!MBToWCSEx + 81 75DA0D36 11 Bytes CALL D3356B9A
.text user32.dll!MBToWCSEx + 8D 75DA0D42 8 Bytes [90, 90, 90, 90, 90, B8, 15, ...]
.text user32.dll!MBToWCSEx + 97 75DA0D4C 1 Byte [BA]
.text ...
.text user32.dll!ScrollDC + 11 75DA0D6C 13 Bytes [39, 75, 0C, 75, 09, 39, 75, ...]
.text user32.dll!ScrollDC + 1F 75DA0D7A 25 Bytes [5E, 5D, EB, C9, 90, 90, 90, ...]
.text user32.dll!CharUpperBuffW + 11 75DA0D94 9 Bytes [56, FF, 75, 08, 56, FF, 75, ...]
.text user32.dll!CharUpperBuffW + 1B 75DA0D9E 1 Byte [02]
.text user32.dll!CharUpperBuffW + 1E 75DA0DA1 1 Byte [68]
.text user32.dll!CharUpperBuffW + 1E 75DA0DA1 3 Bytes [68, 00, 04]
.text user32.dll!CharUpperBuffW + 23 75DA0DA6 13 Bytes [FF, 15, 68, 14, D8, 75, 85, ...]
.text ...
.text user32.dll!CharUpperA + 12 75DA0DF0 2 Bytes [F7, C6]
.text user32.dll!CharUpperA + 16 75DA0DF4 7 Bytes [FF, FF, 0F, 84, 78, 17, 01]
.text user32.dll!CharUpperA + 1E 75DA0DFC 20 Bytes [8B, C6, 8D, 50, 01, 8A, 08, ...]
.text user32.dll!CharUpperA + 33 75DA0E11 191 Bytes [00, 8B, 45, 08, 5E, C9, C2, ...]
.text user32.dll!CharUpperBuffA + B2 75DA0ED1 479 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text user32.dll!DrawFrame + 69 75DA10B1 458 Bytes [89, 7D, 10, 0F, 84, CC, 6C, ...]
.text user32.dll!DisplayConfigGetDeviceInfo + D2 75DA127C 29 Bytes [46, 3B, C6, 0F, 8D, DF, FE, ...]
.text user32.dll!DisplayConfigGetDeviceInfo + F0 75DA129A 5 Bytes [FF, 15, C0, 12, D8]
.text user32.dll!DisplayConfigGetDeviceInfo + F6 75DA12A0 23 Bytes [3B, C7, 0F, 84, FD, 2B, 02, ...]
.text user32.dll!DisplayConfigGetDeviceInfo + 10E 75DA12B8 15 Bytes [A1, 98, 90, DE, 75, 3B, C6, ...]
.text user32.dll!DisplayConfigGetDeviceInfo + 11E 75DA12C8 19 Bytes [8B, 0D, 8C, 90, DE, 75, 3B, ...]
.text ...
.text user32.dll!SetWindowContextHelpId + 16 75DA1759 12 Bytes [C7, 45, FC, 68, 17, DA, 75, ...] {MOV DWORD [EBP-0x4], 0x75da1768; JMP 0xdc}
  #9  
Old April 18th, 2010, 09:05 AM
swarun swarun is offline
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-3

.text user32.dll!SetWindowContextHelpId + 23 75DA1766 9 Bytes [90, 90, 67, 00, 66, 00, 65, ...]
.text user32.dll!SetWindowContextHelpId + 2D 75DA1770 19 Bytes [63, 00, 62, 00, 00, 00, F6, ...]
.text user32.dll!SetWindowContextHelpId + 41 75DA1784 37 Bytes [00, 8D, 85, 7C, FF, FF, FF, ...]
.text user32.dll!SetWindowContextHelpId + 67 75DA17AA 96 Bytes [F2, 81, E6, 08, 07, 00, 00, ...]
.text ...
.text user32.dll!ClipCursor + 24 75DA19A3 18 Bytes JMP 75D8D5D2 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!LoadMenuA + 2 75DA19B6 5 Bytes [55, 8B, EC, 6A, 00] {PUSH EBP; MOV EBP, ESP; PUSH 0x0}
.text user32.dll!LoadMenuA + A 75DA19BE 27 Bytes [6A, 04, FF, 75, 08, FF, 15, ...]
.text user32.dll!LoadMenuA + 26 75DA19DA 35 Bytes [33, C0, EB, F8, 81, F9, 32, ...]
.text user32.dll!LoadMenuA + 4A 75DA19FE 11 Bytes [81, F9, 38, 01, 00, 00, 0F, ...]
.text user32.dll!LoadMenuA + 56 75DA1A0A 22 Bytes JMP 75D8E0D9 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text ...
.text user32.dll!CreateDialogParamA + 32 75DA3EAB 26 Bytes [DE, 75, 85, C0, 74, 1C, 6A, ...]
.text user32.dll!CreateDialogParamA + 4D 75DA3EC6 119 Bytes [D8, FF, 15, AC, 90, DE, 75, ...]
.text user32.dll!CreateDialogParamA + C5 75DA3F3E 30 Bytes [58, 3B, C8, 76, 02, 89, 06, ...]
.text user32.dll!CreateDialogParamA + E4 75DA3F5D 20 Bytes [00, FF, 75, 10, FF, 76, 0C, ...]
.text user32.dll!CreateDialogParamA + F9 75DA3F72 50 Bytes CALL 75DA3F81 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text ...
.text user32.dll!IsDialogMessage + 43 75DA40BD 18 Bytes CALL 75D96F04 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!IsDialogMessage + 56 75DA40D0 26 Bytes CALL 75D8E97E \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!IsDialogMessage + 71 75DA40EB 151 Bytes JMP 75DC4EB3 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!IsDialogMessage + 109 75DA4183 50 Bytes [EC, 83, EC, 10, 8B, 45, 08, ...]
.text user32.dll!IsDialogMessage + 13C 75DA41B6 1 Byte [00]
.text ...
.text user32.dll!ToUnicodeEx + 20 75DA4224 13 Bytes [00, 85, C0, 0F, 84, 94, 00, ...]
.text user32.dll!ToUnicodeEx + 2E 75DA4232 9 Bytes [90, 90, 90, 90, 90, B8, 57, ...]
.text user32.dll!ToUnicodeEx + 38 75DA423C 1 Byte [BA]
.text user32.dll!ToUnicodeEx + 38 75DA423C 9 Bytes [BA, 00, 03, FE, 7F, FF, 12, ...]
.text user32.dll!ToUnicodeEx + 42 75DA4246 33 Bytes CALL 75D9769F \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text ...
.text user32.dll!SetMenuItemBitmaps + 13 75DA428B 21 Bytes [EC, 8D, 45, D0, 50, 8B, 45, ...]
.text user32.dll!SetMenuItemBitmaps + 29 75DA42A1 238 Bytes [00, 00, FF, 75, 08, C7, 45, ...]
.text user32.dll!GetMenuItemRect + B1 75DA4390 79 Bytes [76, 05, 2B, 48, 10, 03, C8, ...]
.text user32.dll!GetMenuItemRect + 101 75DA43E0 9 Bytes [89, 45, F8, 3B, C7, 0F, 84, ...]
.text user32.dll!GetMenuItemRect + 10C 75DA43EB 19 Bytes [50, FF, 15, C8, 14, D8, 75, ...]
.text user32.dll!GetMenuItemRect + 120 75DA43FF 20 Bytes [8B, 4D, D4, 83, F9, 01, 74, ...]
.text user32.dll!GetMenuItemRect + 136 75DA4415 57 Bytes CALL 75DA4D2C \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text ...
.text user32.dll!SetClipboardData + 2E 75DA49A7 51 Bytes [FF, 75, 08, C7, 45, F8, 01, ...]
.text user32.dll!SetClipboardData + 62 75DA49DB 1 Byte [08]
.text user32.dll!SetClipboardData + 62 75DA49DB 6 Bytes [08, FF, 35, 90, 90, DE]
.text user32.dll!SetClipboardData + 69 75DA49E2 24 Bytes [FF, 15, 30, 11, D8, 75, 8B, ...]
.text user32.dll!SetClipboardData + 82 75DA49FB 31 Bytes [8B, 45, 08, 89, 46, 04, 8B, ...]
.text ...
.text user32.dll!EmptyClipboard + 5 75DA4A2D 15 Bytes [BA, 00, 03, FE, 7F, FF, 12, ...]
.text user32.dll!EmptyClipboard + 15 75DA4A3D 15 Bytes JMP 75D879DD \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!EmptyClipboard + 25 75DA4A4D 87 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text user32.dll!EmptyClipboard + 7D 75DA4AA5 21 Bytes [55, 8B, EC, 83, 7D, 20, 00, ...]
.text user32.dll!EmptyClipboard + 93 75DA4ABB 211 Bytes [75, 1C, FF, 75, 18, FF, 75, ...]
.text user32.dll!GetClipboardData + 48 75DA4B8F 1 Byte [00]
.text user32.dll!GetClipboardData + 4B 75DA4B92 70 Bytes [8B, 48, 08, 3B, 4D, F4, 74, ...]
.text user32.dll!GetClipboardData + 92 75DA4BD9 75 Bytes CALL BDF9C052
.text user32.dll!GetClipboardData + DE 75DA4C25 50 Bytes [00, 8B, 3E, 74, 06, 56, E8, ...]
.text user32.dll!GetClipboardData + 112 75DA4C59 40 Bytes [45, 08, 83, 65, F8, 00, 83, ...]
.text ...
.text user32.dll!EnumClipboardFormats + 1A 75DA4DB2 48 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text user32.dll!EnumClipboardFormats + 4B 75DA4DE3 111 Bytes [FF, 74, 0C, 83, 7E, 14, 00, ...]
.text user32.dll!EnumClipboardFormats + BB 75DA4E53 5 Bytes [75, 14, FF, 75, 10] {JNZ 0x16; PUSH DWORD [EBP+0x10]}
.text user32.dll!EnumClipboardFormats + C1 75DA4E59 34 Bytes [75, 0C, FF, 75, 08, FF, 55, ...]
.text user32.dll!EnumClipboardFormats + E4 75DA4E7C 36 Bytes [00, 00, 8B, 58, 10, 53, E8, ...]
.text ...
.text user32.dll!ReplyMessage + 8 75DA5A58 10 Bytes CALL 75D9F09D \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!ReplyMessage + 13 75DA5A63 34 Bytes JMP 75DA609C \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!ReplyMessage + 36 75DA5A86 109 Bytes [84, 5A, 27, FF, FF, E9, 7F, ...]
.text user32.dll!DeregisterShellHookWindow + F 75DA5AF4 23 Bytes [5D, C2, 04, 00, 66, 8B, 10, ...]
.text user32.dll!DeregisterShellHookWindow + 27 75DA5B0C 37 Bytes [0F, 8D, DD, 08, 02, 00, 29, ...]
.text user32.dll!DeregisterShellHookWindow + 4D 75DA5B32 11 Bytes [C0, 74, 1A, 48, 83, 7D, F0, ...] {SAL BYTE [EDX+EBX+0x48], 0x83; JGE 0xfffffffffffffff7; ADD [EDI], CL; TEST AL, DL}
.text user32.dll!DeregisterShellHookWindow + 5B 75DA5B40 95 Bytes [66, 8B, 11, 66, 89, 16, 46, ...]
.text user32.dll!DeregisterShellHookWindow + BB 75DA5BA0 50 Bytes [56, 3B, 05, 1C, 91, DE, 75, ...]
.text ...
.text user32.dll!wvsprintfW + 2B 75DA5EE5 55 Bytes [00, 66, 85, C0, 74, 27, 53, ...]
.text user32.dll!wvsprintfW + 64 75DA5F1E 16 Bytes [00, 2B, 45, F0, 33, CD, 5E, ...]
.text user32.dll!wvsprintfW + 75 75DA5F2F 111 Bytes [4D, E0, 33, FF, 6A, 02, 89, ...]
.text user32.dll!wvsprintfW + E6 75DA5FA0 8 Bytes [66, 83, F8, 74, 0F, 84, B0, ...]
.text user32.dll!wvsprintfW + F0 75DA5FAA 9 Bytes [66, 83, F8, 6C, 0F, 85, 3B, ...]
.text ...
.text user32.dll!wsprintfW + 46 75DA6167 64 Bytes [33, D2, 6A, 10, 5B, 66, 39, ...]
.text user32.dll!wsprintfW + 87 75DA61A8 57 Bytes [8B, 40, FC, 89, 45, F4, 89, ...]
.text user32.dll!wsprintfW + C1 75DA61E2 10 Bytes [29, 45, F0, 89, 45, D0, 0F, ...]
.text user32.dll!wsprintfW + CC 75DA61ED 29 Bytes [FF, 29, 45, EC, 29, 45, E4, ...]
.text user32.dll!wsprintfW + EA 75DA620B 39 Bytes [39, 45, D8, 0F, 85, 0B, 04, ...]
.text ...
.text user32.dll!CreateCursor + 60 75DA6329 23 Bytes [33, C0, EB, F5, 8D, 45, 08, ...]
.text user32.dll!CreateCursor + 78 75DA6341 18 Bytes [00, 00, 8B, 4D, 08, 8D, 45, ...]
.text user32.dll!CreateCursor + 8B 75DA6354 38 Bytes [FF, 1F, F7, E1, 52, 50, E8, ...]
.text user32.dll!CreateCursor + B2 75DA637B 28 Bytes [75, F0, 6A, 08, FF, 35, 90, ...]
.text user32.dll!CreateCursor + CF 75DA6398 23 Bytes [FF, 75, 08, FF, 75, 14, 57, ...]
.text ...
.text user32.dll!WinHelpA + A0 75DA6684 2 Bytes [75, 10] {JNZ 0x12}
.text user32.dll!WinHelpA + A3 75DA6687 35 Bytes CALL 75DA652A \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!WinHelpA + C9 75DA66AD 52 Bytes [85, C0, 0F, 85, C0, B7, 01, ...]
.text user32.dll!WinHelpA + FE 75DA66E2 7 Bytes [57, 00, 49, 00, 4E, 00, 48]
.text user32.dll!WinHelpA + 106 75DA66EA 3 Bytes [45, 00, 4C]
.text ...
.text user32.dll!WinHelpW + 12 75DA673D 27 Bytes [89, 7D, F0, 89, 7D, F4, 89, ...]
.text user32.dll!WinHelpW + 2E 75DA6759 7 Bytes [00, 0F, 83, 7A, B7, 01, 00]
.text user32.dll!WinHelpW + 36 75DA6761 11 Bytes [45, 14, 50, FF, 75, 10, FF, ...]
.text user32.dll!WinHelpW + 42 75DA676D 5 Bytes CALL 75DA65E4 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!WinHelpW + 49 75DA6774 69 Bytes [F0, 3B, DF, 0F, 85, 8E, B8, ...]
.text user32.dll!SendNotifyMessageA + 6 75DA67BA 72 Bytes [45, 0C, 6A, 01, 68, B7, 02, ...]
.text user32.dll!SendNotifyMessageA + 4F 75DA6803 32 Bytes [F6, 74, 0A, 83, 26, 00, 56, ...]
.text user32.dll!SendNotifyMessageA + 70 75DA6824 37 Bytes JMP 75D943CE \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!SendNotifyMessageA + 96 75DA684A 150 Bytes [F7, 45, 0C, 00, 10, 00, 00, ...]
.text user32.dll!SendNotifyMessageA + 12D 75DA68E1 27 Bytes [00, 00, A1, 08, 91, DE, 75, ...]
.text ...
  #10  
Old April 18th, 2010, 09:06 AM
swarun swarun is offline
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-4

.text user32.dll!FreeDDElParam + 1 75DA6B30 10 Bytes [FF, 55, 8B, EC, 8B, 45, 08, ...]
.text user32.dll!FreeDDElParam + C 75DA6B3B 33 Bytes [00, 74, 12, 3D, E3, 03, 00, ...]
.text user32.dll!FreeDDElParam + 2E 75DA6B5D 8 Bytes [4F, 0E, 00, 00, 85, C0, 74, ...] {DEC EDI; PUSH CS; ADD [EAX], AL; TEST EAX, EAX; JZ 0x1a}
.text user32.dll!FreeDDElParam + 37 75DA6B66 73 Bytes [75, 0C, FF, 15, F8, 14, D8, ...]
.text user32.dll!FreeDDElParam + 81 75DA6BB0 34 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text ...
.text user32.dll!DdeGetData + 38 75DA6C7B 44 Bytes [00, 00, 89, 45, 08, 85, C0, ...]
.text user32.dll!DdeGetData + 65 75DA6CA8 9 Bytes [2B, C6, 39, 5D, 0C, 0F, 85, ...]
.text user32.dll!DdeGetData + 70 75DA6CB3 47 Bytes [8B, D8, 68, 00, 92, DE, 75, ...]
.text user32.dll!DdeGetData + A1 75DA6CE4 13 Bytes [A8, 19, DC, 75, AC, 19, DC, ...] {TEST AL, 0x19; FDIV QWORD [EBP-0x54]; SBB ESP, EBX; JNZ 0xffffffffffffff99; NOP ; NOP ; NOP ; NOP }
.text user32.dll!DdeGetData + AF 75DA6CF2 113 Bytes [FF, 55, 8B, EC, A1, F0, 99, ...]
.text ...
.text user32.dll!ReuseDDElParam + 36 75DA76C1 7 Bytes [00, 5F, 5E, 5B, 5D, C2, 14]
.text user32.dll!ReuseDDElParam + 3E 75DA76C9 84 Bytes [8B, 55, 10, 3B, D0, 0F, 84, ...]
.text user32.dll!PackDDElParam + 40 75DA771E 50 Bytes [00, FF, 15, 18, 15, D8, 75, ...]
.text user32.dll!PackDDElParam + 74 75DA7752 123 Bytes [00, 83, 65, F4, 00, 6A, 00, ...]
.text user32.dll!PackDDElParam + F0 75DA77CE 72 Bytes CALL 75D992A9 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!PackDDElParam + 13A 75DA7818 12 Bytes CALL 75DA782C \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!PackDDElParam + 14B 75DA7829 1 Byte [04]
.text ...
.text user32.dll!UnpackDDElParam + 1F 75DA7974 15 Bytes [0F, 87, F2, 5F, 01, 00, 56, ...]
.text user32.dll!UnpackDDElParam + 2F 75DA7984 122 Bytes [85, C0, 8B, 45, 10, 0F, 84, ...]
.text user32.dll!DdeQueryStringW + 18 75DA79FF 48 Bytes [FF, 75, 10, FF, 75, 0C, FF, ...]
.text user32.dll!DdeQueryStringW + 49 75DA7A30 39 Bytes [FF, 00, 53, 8B, 5D, 0C, 56, ...]
.text user32.dll!DdeQueryStringW + 71 75DA7A58 66 Bytes CALL 75D86816 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!DdeQueryStringW + B4 75DA7A9B 12 Bytes [00, 89, 85, F8, FD, FF, FF, ...]
.text user32.dll!DdeQueryStringW + C1 75DA7AA8 141 Bytes [68, 00, 92, DE, 75, FF, 15, ...]
.text ...
.text user32.dll!DdeCreateDataHandle + 1C 75DA7C3E 76 Bytes [15, 24, 11, D8, 75, FF, 75, ...]
.text user32.dll!DdeCreateDataHandle + 69 75DA7C8B 43 Bytes [00, 50, 51, 56, 57, FF, 75, ...]
.text user32.dll!DdeCreateDataHandle + 95 75DA7CB7 19 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text user32.dll!DdeFreeDataHandle + F 75DA7CCB 27 Bytes [FF, 15, 24, 11, D8, 75, 6A, ...]
.text user32.dll!DdeFreeDataHandle + 2B 75DA7CE7 14 Bytes [00, 0F, 85, 68, 9E, 01, 00, ...]
.text user32.dll!DdeFreeDataHandle + 3C 75DA7CF8 3 Bytes [8B, F8, 56] {MOV EDI, EAX; PUSH ESI}
.text user32.dll!DdeFreeDataHandle + 40 75DA7CFC 16 Bytes [15, 20, 11, D8, 75, 8B, C7, ...] {ADC EAX, 0x75d81120; MOV EAX, EDI; POP EDI; POP ESI; POP EBP; RET 0x4; NOP ; NOP ; NOP }
.text user32.dll!DdeFreeDataHandle + 52 75DA7D0E 32 Bytes [8B, FF, 55, 8B, EC, 56, 6A, ...]
.text ...
.text user32.dll!GetClipboardFormatNameW + 1 75DA7EB3 93 Bytes [FF, 55, 8B, EC, 5D, E9, 7C, ...]
.text user32.dll!IsCharAlphaNumericA + 4F 75DA7F11 1 Byte [02]
.text user32.dll!IsCharAlphaNumericA + 4F 75DA7F11 6 Bytes [02, 0F, 85, 93, D4, 01]
.text user32.dll!IsCharAlphaNumericA + 57 75DA7F19 64 Bytes [C7, 5F, 5E, C9, C2, 04, 00, ...]
.text user32.dll!IsCharAlphaNumericA + 98 75DA7F5A 10 Bytes [33, C0, AB, AB, AB, AB, EB, ...] {XOR EAX, EAX; STOSD ; STOSD ; STOSD ; STOSD ; JMP 0xffffffffffffffea; NOP ; NOP }
.text user32.dll!IsCharAlphaNumericA + A5 75DA7F67 6 Bytes [B8, 38, 13, 00, 00, BA]
.text ...
.text user32.dll!SfmDxSetSwapChainBindingStatus + E 75DA80DE 29 Bytes [00, 90, 90, 90, 90, 90, B8, ...]
.text user32.dll!HungWindowFromGhostWindow + 4 75DA80FC 29 Bytes [00, BA, 00, 03, FE, 7F, FF, ...]
.text user32.dll!RegisterGhostWindow + E 75DA811A 30 Bytes [59, BC, FE, FF, 5D, C2, 08, ...]
.text user32.dll!InternalGetWindowIcon + 12 75DA8139 28 Bytes [03, FE, 7F, FF, 12, C2, 08, ...]
.text user32.dll!mouse_event + 11 75DA8157 1 Byte [F8]
.text user32.dll!mouse_event + 11 75DA8157 50 Bytes [F8, 00, 89, 45, F4, 8B, 45, ...]
.text user32.dll!mouse_event + 44 75DA818A 17 Bytes JMP 75D8ED3E \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!mouse_event + 56 75DA819C 80 Bytes [01, 00, 90, 90, 90, 90, 90, ...]
.text user32.dll!ChangeDisplaySettingsExA + 36 75DA81ED 72 Bytes [FC, 8D, 45, F0, 50, FF, 15, ...]
.text user32.dll!ChangeDisplaySettingsExA + 7F 75DA8236 8 Bytes [8B, C3, 5E, 5F, 5B, C9, C2, ...]
.text user32.dll!ChangeDisplaySettingsExA + 88 75DA823F 60 Bytes [53, 56, FF, 15, 58, 11, D8, ...]
.text user32.dll!ChangeDisplaySettingsExA + C5 75DA827C 37 Bytes [90, 90, 90, 90, 90, 8B, FF, ...]
.text user32.dll!ChangeDisplaySettingsExA + EB 75DA82A2 39 Bytes [00, FF, 35, 90, 90, DE, 75, ...]
.text ...
.text user32.dll!DwmGetDxSharedSurface + 12 75DA831C 2 Bytes [FF, 75]
.text user32.dll!DwmGetDxSharedSurface + 15 75DA831F 4 Bytes [C7, 45, FC, 20]
.text user32.dll!DwmGetDxSharedSurface + 1A 75DA8324 127 Bytes CALL 75DA82F4 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!DwmGetDxSharedSurface + 9A 75DA83A4 112 Bytes [90, 90, 90, 90, 8B, FF, 55, ...]
.text user32.dll!EnumDisplaySettingsExA + 41 75DA8415 39 Bytes [15, EC, 10, D8, 75, 57, 8D, ...]
.text user32.dll!EnumDisplaySettingsExA + 69 75DA843D 54 Bytes [B7, 46, 26, BB, DC, 00, 00, ...]
.text user32.dll!EnumDisplaySettingsExA + A0 75DA8474 44 Bytes [5F, 44, 66, 8B, 46, 26, 57, ...]
.text user32.dll!EnumDisplaySettingsExA + CD 75DA84A1 16 Bytes [1D, 94, 10, D8, 75, 66, 85, ...] {SBB EAX, 0x75d81094; TEST AX, AX; JNZ 0x1f070; PUSH 0x0}
.text user32.dll!EnumDisplaySettingsExA + DE 75DA84B2 1 Byte [20]
.text ...
.text user32.dll!VkKeyScanA + 41 75DA8634 23 Bytes [00, 8B, 40, 34, 3D, 7F, 05, ...]
.text user32.dll!VkKeyScanA + 59 75DA864C 17 Bytes [F4, FD, FF, FF, 50, FF, B5, ...]
.text user32.dll!VkKeyScanA + 6B 75DA865E 51 Bytes [B5, F0, FD, FF, FF, FF, 70, ...]
.text user32.dll!VkKeyScanA + 9F 75DA8692 2 Bytes [65, F8]
.text user32.dll!VkKeyScanA + A2 75DA8695 53 Bytes [83, 65, FC, 00, 8D, 48, 08, ...]
.text user32.dll!SetMessageQueue + 3 75DA86CB 70 Bytes [C2, 04, 00, 33, C0, E9, 52, ...]
.text user32.dll!CreateMDIWindowW + 24 75DA8713 108 Bytes CALL 75D90E4E \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!CreateMDIWindowW + 91 75DA8780 18 Bytes JMP 75DA88DB \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!CreateMDIWindowW + A4 75DA8793 1 Byte [00]
.text user32.dll!CreateMDIWindowW + A4 75DA8793 48 Bytes JMP 75DB23D8 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!CreateMDIWindowW + D5 75DA87C4 35 Bytes [90, 90, 90, 90, 90, B8, 34, ...]
.text user32.dll!SetMagnificationLensCtxInformation + B 75DA87E8 4 Bytes [12, C2, 10, 00] {ADC AL, DL; ADC [EAX], AL}
.text user32.dll!SetMagnificationLensCtxInformation + 12 75DA87EF 33 Bytes [90, 90, 8B, FF, 55, 8B, EC, ...]
.text user32.dll!SetMagnificationLensCtxInformation + 34 75DA8811 1 Byte [00]
.text user32.dll!SetMagnificationLensCtxInformation + 34 75DA8811 9 Bytes [00, 00, 85, DB, 0F, 84, A6, ...]
.text user32.dll!SetMagnificationLensCtxInformation + 3E 75DA881B 49 Bytes [83, 3B, 28, 0F, 85, 9D, AA, ...]
.text user32.dll!GetMagnificationLensCtxInformation + 5 75DA884D 29 Bytes [BA, 00, 03, FE, 7F, FF, 12, ...]
.text user32.dll!GetMagnificationLensCtxInformation + 23 75DA886B 50 Bytes [50, FF, 15, 7C, 12, D8, 75, ...]
.text user32.dll!VkKeyScanExA + 1A 75DA889E 91 Bytes [35, 68, 9A, DE, 75, FF, 15, ...]
.text user32.dll!DdeInitializeA + 11 75DA88FA 6 Bytes [FF, 75, 10, FF, 75, 0C] {PUSH DWORD [EBP+0x10]; PUSH DWORD [EBP+0xc]}
.text user32.dll!DdeInitializeA + 18 75DA8901 10 Bytes CALL 75D85EE1 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!DdeInitializeA + 23 75DA890C 24 Bytes [8B, 45, 0C, 80, 38, 00, 0F, ...]
.text user32.dll!DdeInitializeA + 3F 75DA8928 47 Bytes [90, 8B, FF, 55, 8B, EC, 83, ...]
.text user32.dll!InsertMenuItemA + 12 75DA8958 118 Bytes [F2, 99, FE, FF, 85, C0, 74, ...]
.text user32.dll!InsertMenuItemA + 89 75DA89CF 3 Bytes [C9, 74, C9] {LEAVE ; JZ 0xffffffffffffffcc}
.text user32.dll!InsertMenuItemA + 8D 75DA89D3 54 Bytes [48, 10, 6A, 00, 03, C8, 51, ...]
.text user32.dll!InsertMenuItemA + C4 75DA8A0A 13 Bytes [FF, FF, 85, C0, 74, 8B, 8B, ...]
.text user32.dll!InsertMenuItemA + D2 75DA8A18 48 Bytes [00, C7, 45, D8, 00, 40, 00, ...]
.text ...
.text user32.dll!SetMenuItemInfoA + 4E 75DA8CD9 70 Bytes [3B, C3, 0F, 84, 27, 02, 02, ...]
.text user32.dll!SetMenuItemInfoA + 95 75DA8D20 10 Bytes JMP 75DB413F \Windows\System32\user32.dll (Multi-User
  #11  
Old April 18th, 2010, 09:08 AM
swarun swarun is offline
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-5

Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!SetMenuItemInfoA + A0 75DA8D2B 6 Bytes [00, 00, 6A, 00, 6A, 00] {ADD [EAX], AL; PUSH 0x0; PUSH 0x0}
.text user32.dll!SetMenuItemInfoA + A7 75DA8D32 19 Bytes [75, EC, 68, 27, 01, 00, 00, ...]
.text user32.dll!GetWindowTextLengthA + 2 75DA8D46 3 Bytes [55, 8B, EC] {PUSH EBP; MOV EBP, ESP}
.text user32.dll!GetWindowTextLengthA + 6 75DA8D4A 7 Bytes [4D, 08, 56, E8, 5E, F9, FE]
.text user32.dll!GetWindowTextLengthA + E 75DA8D52 22 Bytes [8B, F0, 85, F6, 74, 18, 56, ...]
.text user32.dll!GetWindowTextLengthA + 25 75DA8D69 29 Bytes CALL 75D97541 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
.text user32.dll!GetWindowTextLengthA + 43 75DA8D87 7 Bytes [75, 0C, 6A, 00, E8, 25, 7F]
.text ...
.text user32.dll!CreateAcceleratorTableA + 3B 75DA8E0B 147 Bytes CALL 75D8AC69 \Windows\System32\user32.dll (Multi-User Windows USER API Client DLL/Microsoft Corporation)
  #12  
Old April 18th, 2010, 09:11 AM
swarun
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-6

  #13  
Old April 18th, 2010, 09:12 AM
swarun
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-7

  #14  
Old April 18th, 2010, 09:14 AM
swarun
Member
 
Join Date: Aug 2004
Location: India
Age: 43
Posts: 42
GMER log PART-8

  #15  
Old April 18th, 2010, 09:16 AM
swarun
GMER log PART-9
