Hijack log/ BackDoor-BAC!rootkit HELP!

Old 04-28-2007, 05:44 AM   #1
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



I'm having this problem, the same as someone else. I run McAfee Security Centre, which I have only had since Wednesday of this week. It finds the trojan and deletes it, I restart the PC and it comes back.

It Says the File is:
Memory\LoadLibraryExW

this is the latest log.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:44:04, on 28/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Carol\Desktop\HiJackThis_v2\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\program files\mcafee\virusscan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\spyware doctor\filterlsp.dll
O14 - IERESET.INF: START_PAGE_URL=https://www.infinityuk.net/
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - https://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - https://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - https://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsu...?1145352294743
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1147707658640
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://static.photobox.co.uk/sg/common/uploader_uni.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\MadeSafe\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe

--
End of file - 14824 bytes
cally120 is offline  
Old 04-28-2007, 05:46 AM   #2
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



I have Windows XP with Service Pack 2. I don't know what other details you need.
cally120 is offline  
Old 04-28-2007, 11:42 AM   #3
Guest
 
Join Date: Nov 2006
Posts: 207
OS:



Hello cally120 and Welcome to TechSupport,

Please do the following:

STEP 1.
======
Please download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program.
  1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop
    and double-click it to launch the set up program.
  2. Once the setup is complete you will need to run ewido and update the definition files.
  3. On the main screen
    • select the icon "Update"
    • then select the "Update now" link.
    • Next select the "Start Update" button,
    the update will start and a progress bar will show the updates being installed.
  4. Once the update has completed select the "Scanner" icon at the top of
    the screen, then select the "Settings" tab.
  5. Once in the Settings screen click on "Recommended actions" and then
    select "Quarantine".
  6. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.
  1. Reboot your computer into SafeMode. You can do this by restarting
    your computer and continually tapping the F8 key until a menu appears.
    Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or
    programs while ewido is scanning, it may interfere with the scanning process:
  2. Launch ewido-anti-spyware by double-clicking the icon on your desktop.
  3. Select the "Scanner" icon at the top and then the "Scan" tab
    then click on "Complete System Scan".
  4. AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  5. If you have any infections you will be prompted, then select "Apply all actions"
  6. Next select the "Reports" icon at the top.
  7. Select the "Save report as" button in the lower left hand of the
    screen and save it to a text file on your system (make sure to remember where
    you saved that file, this is important).
  8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.


STEP 2.
======
GMER
Please create a new subfolder in the Program Files folder called GMER. If you have an older version of GMER installed, you must delete it.
  • Download GMER and extract it to the C:\program files\GMER folder.
  • Please rename the GMER file
    Note: You can rename gmer.exe to anything you like as long as you keep the .exe ending.
    Run the Gmer.exe renamed program by double-clicking the executable file (gmer.exe) in Windows Explorer.
    You may be prompted to scan immediately if GMER detects rootkit activity.
    • If you are prompted to scan your system click "yes" to begin the scan.
    • If you are not prompted, Click the "Rootkit" tab, then click "Scan".
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then save the results in a notepad file and copy and paste them in your next reply.

STEP 3.
======
Deckard's System Scanner

Download
Deckard's System Scanner (DSS)
to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

Please post (reply) with the logs from the AVG Anti-Spyware, GMER, and the Deckard's System Scanner.
Susan528 is offline  
Old 04-28-2007, 06:10 PM   #4
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



Hi, thanks, will try this in the morning as I am drinking wine at the moment.
cally120 is offline  
Old 04-28-2007, 06:15 PM   #5
Guest
 
Join Date: Nov 2006
Posts: 207
OS:



Don't blame you! When I drink wine, I get too sleepy and relaxed to concentrate!
Susan528 is offline  
Old 04-29-2007, 08:12 AM   #6
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



Hi, I'm having problems posting all the logs as it keeps saying it is too long, so I'm going to have to split it up into sections.

AVG

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:32:43 29/04/2007

+ Scan result:



:mozilla.92:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.93:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.94:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.95:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.96:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Connextra : Cleaned.
C:\Documents and Settings\Carol\Local Settings\Temp\Cookies\[email protected][1].txt -> TrackingCookie.Connextra : Cleaned.
:mozilla.121:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.122:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.123:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Intelli-direct : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.492:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Paypal : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][2].txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.318:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.319:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.320:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.321:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.345:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Skype : Cleaned.
:mozilla.354:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.355:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][2].txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.374:C:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\gk9tp156.default\cookies.txt -> TrackingCookie.Toplist : Cleaned.
C:\Documents and Settings\Carol\Cookies\[email protected][2].txt -> TrackingCookie.Toplist : Cleaned.


::Report end
cally120 is offline  
Old 04-29-2007, 08:17 AM   #7
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



GMER 1.0.12.12244 - https://www.gmer.net
Rootkit scan 2007-04-29 15:05:33
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwDeleteValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwSetValueKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\iksysflt.sys ZwWriteVirtualMemory

Code \SystemRoot\system32\drivers\mfehidk.sys ZwCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys ZwMapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwOpenKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwProtectVirtualMemory
Code \SystemRoot\system32\drivers\mfehidk.sys ZwRenameKey
Code \SystemRoot\system32\drivers\mfehidk.sys ZwUnmapViewOfSection
Code \SystemRoot\system32\drivers\mfehidk.sys ZwYieldExecution
Code \SystemRoot\system32\drivers\mfehidk.sys NtCreateFile
Code \SystemRoot\system32\drivers\mfehidk.sys NtMapViewOfSection

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwYieldExecution 80503FC8 7 Bytes JMP ECDCE5B9 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtCreateFile 80577ED2 5 Bytes JMP ECDCE57B \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!NtMapViewOfSection 805B0A7E 7 Bytes JMP ECDCE5CF \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwUnmapViewOfSection 805B188C 5 Bytes JMP ECDCE5E5 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwProtectVirtualMemory 805B6E52 7 Bytes JMP ECDCE58F \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwRenameKey 80621B2A 7 Bytes JMP ECDCE527 \SystemRoot\system32\drivers\mfehidk.sys
PAGE ntkrnlpa.exe!ZwOpenKey 8062349A 5 Bytes JMP ECDCE4EB \SystemRoot\system32\drivers\mfehidk.sys
? C:\WINDOWS\system32\DRIVERS\update.sys
? C:\WINDOWS\system32\Drivers\mchInjDrv.sys The system cannot find the file specified.

---- User code sections - GMER 1.0.12 ----

.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[136] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[136] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[136] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe[148] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe[148] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe[148] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + FFE27297 7C9C2179 10 Bytes [ FC, FF, 00, 9C, FC, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + FFE272A2 7C9C2184 3 Bytes [ 9E, FC, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + FFE272A6 7C9C2188 3 Bytes [ D6, FC, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + FFE272AA 7C9C218C 3 Bytes [ 85, FD, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + FFE272AE 7C9C2190 3 Bytes [ 9C, FD, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceExW + 1B 7C9EA72C 8 Bytes [ FF, B2, 29, 00, FF, B6, 31, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceExW + 24 7C9EA735 22 Bytes [ B6, 39, 00, FF, BA, 42, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceExW + 3B 7C9EA74C 7 Bytes [ FF, BE, 42, 00, FF, C3, 4A ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceExW + 44 7C9EA755 15 Bytes [ C3, 52, 00, FF, C7, 5A, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceExW + 54 7C9EA765 39 Bytes [ C7, 52, 00, FF, CB, 5A, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFree + 98 7C9EAB42 385 Bytes [ 88, 54, 5A, 1D, 58, 1F, 4E, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILFree + 28 7C9EACC4 82 Bytes [ 00, 00, 0F, FF, 00, 00, 0E, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILFree + 7B 7C9EAD17 75 Bytes [ 00, 00, 00, 00, 01, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILFree + C7 7C9EAD63 4 Bytes [ 00, F7, F3, F7 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILFree + CC 7C9EAD68 27 Bytes [ EF, EB, EF, 00, E7, E3, E7, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILFree + E8 7C9EAD84 24 Bytes [ AD, A2, A5, 00, D6, CB, CE, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadOLE + 23 7C9EAE14 71 Bytes [ CE, 9A, 9C, 00, B5, 8A, 8C, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadOLE + 6B 7C9EAE5C 19 Bytes [ C6, 5D, 5A, 00, CE, 65, 63, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadOLE + 7F 7C9EAE70 95 Bytes [ AD, 65, 63, 00, C6, 75, 73, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadOLE + DF 7C9EAED0 31 Bytes [ 9C, 6D, 6B, 00, A5, 75, 73, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadOLE + FF 7C9EAEF0 43 Bytes [ AD, 86, 84, 00, C6, 9E, 9C, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAlloc + 1C 7C9EAF1C 115 Bytes [ DE, CF, CE, 00, 8C, 51, 4A, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetSize + 60 7C9EAF90 19 Bytes [ EF, A2, 39, 00, EF, B6, 6B, ... ]
cally120 is offline  
Old 04-29-2007, 08:19 AM   #8
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



GMER continued:

.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIcon + 1F 7CA20C98 58 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIcon + 5B 7CA20CD4 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIcon + 65 7CA20CDE 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIcon + 6B 7CA20CE4 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIcon + 70 7CA20CE9 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Lock + 10 7CA21A11 13 Bytes [ 00, 00, 58, 00, 00, 00, 3B, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Lock + 1E 7CA21A1F 10 Bytes [ 10, 00, 00, 00, 06, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Lock + 2A 7CA21A2B 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Lock + 2E 7CA21A2F 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Lock + 53 7CA21A54 33 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIconW + 2 7CA21B6C 61 Bytes [ F1, F1, F1, FF, F2, F2, F2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIconW + 41 7CA21BAB 7 Bytes [ 0A, 00, 00, 00, 03, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIconW + 49 7CA21BB3 1 Byte [ 01 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIconW + 4B 7CA21BB5 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Shell_NotifyIconW + 5E 7CA21BC8 21 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHDefExtractIconW + 30 7CA22335 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHDefExtractIconW + 42 7CA22347 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHDefExtractIconW + 5A 7CA2235F 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHDefExtractIconW + 6E 7CA22373 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHDefExtractIconW + 94 7CA22399 23 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHExtractIconsW + 42 7CA223F8 4 Bytes [ FF, 00, 00, F0 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHExtractIconsW + 47 7CA223FD 11 Bytes [ E0, 00, FF, FF, E0, 00, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHExtractIconsW + 53 7CA22409 7 Bytes [ F0, 01, FF, FF, F0, 01, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHExtractIconsW + 5B 7CA22411 2 Bytes [ F0, 01 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHExtractIconsW + 5E 7CA22414 24 Bytes [ FF, F0, 01, FF, FF, F0, 01, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetImageList + BA 7CA23827 9 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetImageList + C4 7CA23831 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetImageList + CA 7CA23837 14 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetImageList + DA 7CA23847 46 Bytes [ DD, DD, DD, DD, DD, DD, DD, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetImageList + 109 7CA23876 143 Bytes [ E0, DD, DD, DD, DD, DD, DD, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFolderPathA + 3E5 7CA23E08 120 Bytes [ 09, 79, EC, E0, DD, DD, DD, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFolderPathA + 45E 7CA23E81 201 Bytes [ 44, 2B, 10, 02, 02, 05, 08, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFolderPathA + 528 7CA23F4B 4 Bytes [ 41, 29, 1A, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFolderPathA + 52D 7CA23F50 56 Bytes [ 01, 01, 01, 02, 02, 02, 05, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFolderPathA + 566 7CA23F89 315 Bytes [ 00, 74, E0, DD, DD, DD, DD, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DllCanUnloadNow + 27 7CA241E0 15 Bytes [ 00, 00, 00, 00, 0F, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DllCanUnloadNow + 37 7CA241F0 38 Bytes [ 00, 00, 00, 00, 0F, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DllCanUnloadNow + 5E 7CA24217 38 Bytes [ 00, 80, 00, F8, 00, 7F, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DllCanUnloadNow + 87 7CA24240 55 Bytes [ 40, 00, 00, 00, 01, 00, 08, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DllCanUnloadNow + BF 7CA24278 9 Bytes [ DE, FC, FF, 00, D7, FD, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Unlock + 24 7CA24558 15 Bytes [ F8, A6, 27, 00, 48, 68, E0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Unlock + 34 7CA24568 19 Bytes [ CC, B2, 19, 00, 07, 64, F7, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Unlock + 48 7CA2457C 22 Bytes [ C0, 7D, 80, 00, 0E, 86, AE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Unlock + 5F 7CA24593 104 Bytes [ 00, 40, 58, D8, 00, 24, A6, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotification_Unlock + C8 7CA245FC 83 Bytes [ 33, 67, 76, 00, 00, 99, 22, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotify + 34 7CA24A61 14 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotify + 43 7CA24A70 11 Bytes [ FE, 00, 00, 00, FE, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotify + 4F 7CA24A7C 1 Byte [ C0 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotify + 51 7CA24A7E 15 Bytes [ 00, 00, 80, 00, 00, 00, 80, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHChangeNotify + 62 7CA24A8F 6 Bytes [ 00, 80, 00, 00, 00, 80 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconExW + C1 7CA261C0 34 Bytes [ FF, FF, FF, FF, FF, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconExW + E4 7CA261E3 5 Bytes [ FF, FF, FF, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconExW + EA 7CA261E9 11 Bytes [ FF, FF, FF, FF, FF, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconExW + F6 7CA261F5 42 Bytes [ FF, 00, 00, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconExW + 121 7CA26220 1 Byte [ FE ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCloneSpecialIDList + 1A 7CA264AD 58 Bytes [ F0, 11, 11, 11, 11, 11, 17, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCloneSpecialIDList + 55 7CA264E8 17 Bytes [ FF, FF, FF, FF, FF, FF, 70, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCloneSpecialIDList + 67 7CA264FA 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCloneSpecialIDList + 6B 7CA264FE 163 Bytes [ 80, 11, 70, 00, 00, 11, 78, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCloneSpecialIDList + 10F 7CA265A2 16 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfoW + B 7CA2AE03 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfoW + 2A 7CA2AE22 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfoW + 30 7CA2AE28 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfoW + 34 7CA2AE2C 1 Byte [ 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfoW + 37 7CA2AE2F 5 Bytes [ 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragAcceptFiles + B 7CA2AFB9 29 Bytes [ C0, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragAcceptFiles + 29 7CA2AFD7 11 Bytes [ 00, 00, E0, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragAcceptFiles + 35 7CA2AFE3 33 Bytes [ 00, 00, 00, 00, 00, FF, F0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragAcceptFiles + 57 7CA2B005 36 Bytes [ F4, C1, 00, F1, E7, BB, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragAcceptFiles + 7C 7CA2B02A 14 Bytes [ CE, 00, FF, FF, D5, 00, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetMalloc + 2E 7CA2B1D6 264 Bytes [ 00, 00, 1B, 3F, 62, 61, 74, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetMalloc + 138 7CA2B2E0 43 Bytes [ 3B, C8, 55, 60, 5F, 5F, 72, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetMalloc + 164 7CA2B30C 26 Bytes [ 00, 00, 00, 00, 3E, C7, 36, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetMalloc + 17F 7CA2B327 47 Bytes [ 00, 3D, C6, 01, 01, 01, C3, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetMalloc + 1AF 7CA2B357 88 Bytes [ 00, 47, C4, 01, 01, 01, 01, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILSaveToStream + F 7CA2F263 4 Bytes [ 00, 33, CC, 33 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILSaveToStream + 14 7CA2F268 22 Bytes [ 33, CC, 99, 00, 33, CC, CC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILSaveToStream + 2B 7CA2F27F 20 Bytes [ 00, 66, 33, 33, 00, 66, 33, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILSaveToStream + 40 7CA2F294 57 Bytes [ 66, 66, 33, 00, 66, 66, 66, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILSaveToStream + 7A 7CA2F2CE 13 Bytes [ 33, 00, 66, FF, CC, 00, 99, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddToRecentDocs + A 7CA2FB54 24 Bytes [ 01, 00, 04, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddToRecentDocs + 23 7CA2FB6D 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddToRecentDocs + 27 7CA2FB71 25 Bytes [ 00, 00, 00, 00, 00, 80, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddToRecentDocs + 42 7CA2FB8C 14 Bytes [ C0, C0, C0, 00, 80, 80, 80, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddToRecentDocs + 52 7CA2FB9C 10 Bytes [ 00, FF, FF, 00, FF, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Win32DeleteFile + 7 7CA302F4 6 Bytes [ 33, 33, FF, 00, 33, 66 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Win32DeleteFile + F 7CA302FC 3 Bytes [ 33, 66, 33 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Win32DeleteFile + 13 7CA30300 69 Bytes [ 33, 66, 66, 00, 33, 66, 99, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Win32DeleteFile + 59 7CA30346 9 Bytes [ 66, 00, 33, FF, 99, 00, 33, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Win32DeleteFile + 63 7CA30350 23 Bytes [ 33, FF, FF, 00, 66, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathYetAnotherMakeUniqueName + B 7CA306BC 53 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathYetAnotherMakeUniqueName + 41 7CA306F2 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathYetAnotherMakeUniqueName + 49 7CA306FA 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathYetAnotherMakeUniqueName + 58 7CA30709 78 Bytes [ F1, F7, F7, ED, ED, ED, EB, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathYetAnotherMakeUniqueName + A7 7CA30758 125 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathCleanupSpec + 17 7CA308AB 40 Bytes [ BC, 07, BC, 07, 07, EF, EB, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathCleanupSpec + 40 7CA308D4 41 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathCleanupSpec + 6A 7CA308FE 29 Bytes [ 00, 00, 00, 00, 00, ED, ED, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathCleanupSpec + 89 7CA3091D 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathCleanupSpec + 8F 7CA30923 9 Bytes [ 00, 00, ED, ED, F6, F6, ED, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetNewLinkInfoW + B 7CA3093D 69 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetNewLinkInfoW + 52 7CA30984 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetNewLinkInfoW + 60 7CA30992 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetNewLinkInfoW + 6C 7CA3099E 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetNewLinkInfoW + 75 7CA309A7 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrIW + 33 7CA30FC2 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrIW + 37 7CA30FC6 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrIW + 3E 7CA30FCD 36 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrIW + 63 7CA30FF2 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrIW + 6D 7CA30FFC 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfo + 47 7CA313C0 93 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfo + A6 7CA3141F 99 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfo + 10A 7CA31483 150 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfo + 1A1 7CA3151A 2 Bytes [ 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetFileInfo + 1A4 7CA3151D 30 Bytes [ 00, 00, 00, 00, ED, ED, F6, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconW + 10 7CA31676 50 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconW + 43 7CA316A9 47 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconW + 73 7CA316D9 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconW + 88 7CA316EE 1 Byte [ 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconW + 8A 7CA316F0 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetNext + 1F 7CA3424E 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetNext + 2E 7CA3425D 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetNext + 41 7CA34270 34 Bytes [ 80, 00, 00, 01, C0, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetNext + 65 7CA34294 7 Bytes [ 00, 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ILGetNext + 6E 7CA3429D 1 Byte [ 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ReadCabinetState + 12 7CA344A3 1 Byte [ 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ReadCabinetState + 15 7CA344A6 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ReadCabinetState + 2A 7CA344BB 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ReadCabinetState + 33 7CA344C4 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ReadCabinetState + 3F 7CA344D0 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetPathFromIDList + B 7CA349FC 47 Bytes [ 07, 2F, BE, 00, 0A, 32, C0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetPathFromIDList + 3B 7CA34A2C 39 Bytes [ 29, 51, DC, 00, 2A, 50, DC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetPathFromIDList + 63 7CA34A54 255 Bytes [ BB, C8, F6, 00, E0, E6, FB, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetPathFromIDList + 163 7CA34B54 47 Bytes JMP 6520AE59
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetPathFromIDList + 193 7CA34B84 103 Bytes [ 76, 8D, EC, 00, 77, 8E, EC, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgReadMultiple + 2 7CA3786C 57 Bytes [ 02, 2B, C1, FF, 01, 22, A0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgReadMultiple + 3C 7CA378A6 35 Bytes [ FF, FF, E7, EC, FC, FF, 93, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgReadMultiple + 61 7CA378CB 82 Bytes [ FF, FF, FF, FF, FF, AA, BF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgReadMultiple + B4 7CA3791E 45 Bytes [ FF, FF, FF, FF, FF, FF, A3, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgReadMultiple + E2 7CA3794C 15 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetRealIDL + 4D 7CA38B82 1 Byte [ FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetRealIDL + 4F 7CA38B84 3 Bytes [ 48, 66, E5 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetRealIDL + 53 7CA38B88 31 Bytes [ 72, 8A, EB, FF, 7B, 92, EC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetRealIDL + 73 7CA38BA8 15 Bytes CALL 58788BA8
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetRealIDL + 83 7CA38BB8 11 Bytes [ FF, FF, FF, FF, F6, F8, FE, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableA + B 7CA3F77B 44 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableA + 39 7CA3F7A9 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableA + 4A 7CA3F7BA 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableA + 5E 7CA3F7CE 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableA + 78 7CA3F7E8 20 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableW + B 7CA3F80D 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableW + 18 7CA3F81A 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableW + 35 7CA3F837 8 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableW + 40 7CA3F842 17 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FindExecutableW + 52 7CA3F854 40 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetSettings + 30 7CA3F951 10 Bytes [ FF, 00, 00, FF, FF, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetSettings + 3B 7CA3F95C 6 Bytes [ 00, 00, 00, 00, 8F, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetSettings + 42 7CA3F963 11 Bytes [ 00, 00, 00, 00, 00, 8F, 0F, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetSettings + 4E 7CA3F96F 4 Bytes [ 00, 8F, 08, 0F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetSettings + 54 7CA3F975 15 Bytes [ 00, 00, 00, 8F, F0, 0F, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPathPrepareForWriteW + B 7CA40715 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPathPrepareForWriteW + 25 7CA4072F 660 Bytes [ 00, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPathPrepareForWriteW + 2BA 7CA409C4 163 Bytes [ 19, 27, 5F, 3F, 5D, 30, 01, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPathPrepareForWriteW + 35E 7CA40A68 248 Bytes [ 01, 09, 36, 39, 02, 02, 02, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstW + 92 7CA40B61 16 Bytes [ 00, 00, 03, 00, 00, 00, 03, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstW + A4 7CA40B73 10 Bytes [ 03, 00, 00, 00, 03, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstW + AF 7CA40B7E 15 Bytes [ 00, 03, 00, 00, 00, 03, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstW + BF 7CA40B8E 15 Bytes [ 00, 07, C0, 00, 00, 0F, C0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExecuteEx + A
cally120 is offline  
Old 04-29-2007, 08:20 AM   #9
GMER continued:
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFileOperation + 2F 7CA70021 30 Bytes [ A2, DE, FF, 29, 95, DA, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFileOperation + 4E 7CA70040 95 Bytes [ 14, 63, 99, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFileOperation + AE 7CA700A0 27 Bytes [ 2E, 96, DA, FF, 2C, 95, DA, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLL + 2 7CA70B38 47 Bytes [ 5E, AD, E1, FF, 64, AF, E3, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLL + 32 7CA70B68 22 Bytes [ 2B, 97, DA, FF, 5C, AF, E2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLL + 49 7CA70B7F 20 Bytes [ FF, 95, C9, EA, FF, 27, 88, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLL + 5E 7CA70B94 83 Bytes [ 3F, 9C, DC, FF, 64, B0, E3, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLL + B2 7CA70BE8 7 Bytes [ 19, 6B, A2, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLLW + 2 7CA70C2D 17 Bytes [ FF, FF, FF, A3, D0, EF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLLW + 15 7CA70C40 43 Bytes [ 7C, BB, E4, FF, 29, 86, C4, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLLW + 41 7CA70C6C 35 Bytes [ 5E, AB, E1, FF, 58, A8, E0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLLW + 65 7CA70C90 11 Bytes [ 33, 97, DA, FF, 57, A9, E1, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_FillCache_RunDLLW + 71 7CA70C9C 7 Bytes [ F2, F8, FD, FF, 3C, 99, D7 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLL + 4 7CA71810 86 Bytes [ 8B, 8B, 8B, 8B, 8B, 8B, 8B, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLW + 2 7CA71867 143 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLAsUserW + 39 7CA718F7 20 Bytes [ 8B, 8B, 8B, 30, DD, DD, DD, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLAsUserW + 4E 7CA7190C 4 Bytes [ FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLAsUserW + 53 7CA71911 73 Bytes [ F3, 0D, DD, DD, DD, DD, DD, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLAsUserW + 9D 7CA7195B 44 Bytes [ FF, E0, 7F, 00, 00, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Control_RunDLLAsUserW + CA 7CA71988 3 Bytes [ 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DuplicateIcon + 5D 7CA71F80 31 Bytes [ FF, D9, A6, 00, FE, DB, AC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DuplicateIcon + 7D 7CA71FA0 28 Bytes [ DA, C7, AA, 00, FF, E2, AF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DuplicateIcon + 9A 7CA71FBD 107 Bytes CALL 71A62077
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!FreeIconList + 50 7CA72029 26 Bytes [ FF, CE, 00, FF, FF, D0, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoW + A 7CA72044 16 Bytes [ FF, FF, DD, 00, FF, FF, DF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoW + 1C 7CA72056 10 Bytes [ EA, 00, FF, FF, EE, 00, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoW + 28 7CA72062 41 Bytes [ F8, 00, FF, FF, FC, 00, 99, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoW + 52 7CA7208C 7 Bytes [ BF, FF, FF, 00, BB, F2, F2 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoW + 5A 7CA72094 11 Bytes [ B5, E5, E5, 00, CC, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoA + 2 7CA72545 46 Bytes [ FF, FF, FF, FF, FF, FF, 9C, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconResInfoA + 32 7CA72575 141 Bytes [ FF, FF, FF, FF, FF, FF, 9C, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExW + 54 7CA72603 7 Bytes [ FF, FF, FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExW + 5C 7CA7260B 43 Bytes [ 9C, A4, DA, C9, AB, F6, A1, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExW + 89 7CA72638 44 Bytes [ FF, FF, FF, 9C, A4, DA, D5, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExW + B7 7CA72666 42 Bytes [ FF, FF, FF, FF, FF, 9C, AC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExW + E3 7CA72692 2 Bytes [ FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExA + F 7CA72789 41 Bytes [ FF, FF, 9C, B8, E4, DF, DF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExA + 39 7CA727B3 49 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExA + 6B 7CA727E5 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExA + 71 7CA727EB 39 Bytes [ 9C, BA, C3, D8, D8, D8, 06, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconExA + 99 7CA72813 49 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconW + E 7CA72877 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconW + 11 7CA7287A 45 Bytes [ FF, B7, CF, C3, 95, 95, 95, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconW + 3F 7CA728A8 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconW + 43 7CA728AC 40 Bytes [ D0, C3, 8F, 8F, 8F, 8F, C4, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconA + E 7CA728D5 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconA + 11 7CA728D8 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconA + 15 7CA728DC 41 Bytes [ C5, C3, 87, 87, 87, 87, 87, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconA + 3F 7CA72906 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractIconA + 43 7CA7290A 43 Bytes [ FF, 9C, D1, 80, 7E, 7E, 7E, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!InternalExtractIconListW + C 7CA72937 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!InternalExtractIconListW + F 7CA7293A 12 Bytes [ FF, B3, D1, 80, 79, 79, 79, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!InternalExtractIconListW + 1C 7CA72947 35 Bytes [ 16, 1B, 1F, 27, 2B, 2E, 25, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!InternalExtractIconListW + 40 7CA7296B 46 Bytes [ A4, DB, 74, 58, 58, 58, 58, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!InternalExtractIconListW + 6F 7CA7299A 37 Bytes [ FF, A4, DC, 5B, 58, 58, 58, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconA + 20 7CA72A55 42 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconA + 4C 7CA72A81 27 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconA + 68 7CA72A9D 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconA + 6D 7CA72AA2 11 Bytes [ FF, A4, A4, A4, A4, A4, A4, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ExtractAssociatedIconA + 7A 7CA72AAF 3 Bytes [ FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstA + 2 7CA72B7C 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstA + 14 7CA72B8E 13 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstA + 22 7CA72B9C 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstA + 25 7CA72B9F 13 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DoEnvironmentSubstA + 33 7CA72BAD 4 Bytes [ FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceA + B 7CA72C7B 20 Bytes [ 00, 0F, FF, 00, 00, E0, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceA + 20 7CA72C90 29 Bytes [ E0, 00, 00, 00, 03, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceA + 3E 7CA72CAE 21 Bytes [ 00, 00, E0, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceA + 54 7CA72CC4 31 Bytes [ 00, 7F, 00, 00, E0, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetDiskFreeSpaceA + 74 7CA72CE4 56 Bytes [ 00, 3F, 00, 00, E0, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHHelpShortcuts_RunDLL + 42 7CA72E81 35 Bytes [ F5, C3, 00, F9, F5, E1, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHHelpShortcuts_RunDLLW + B 7CA72EA5 38 Bytes [ FE, EF, 00, FF, FE, D7, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHObjectProperties + 23 7CA72ECD 14 Bytes [ FF, E1, 00, FF, FF, E3, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHObjectProperties + 32 7CA72EDC 8 Bytes [ FF, FF, F0, 00, FF, FF, F6, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHObjectProperties + 3B 7CA72EE5 13 Bytes [ FF, FA, 00, FF, FF, FC, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHObjectProperties + 49 7CA72EF3 40 Bytes [ 00, 9E, FF, FF, 00, A3, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHObjectProperties + 72 7CA72F1C 23 Bytes [ D6, FF, FF, 00, E1, FF, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellMessageBoxA + 2 7CA732CB 63 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellMessageBoxA + 42 7CA7330B 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellMessageBoxA + 45 7CA7330E 9 Bytes [ FF, FF, FF, FF, FF, A4, D3, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellMessageBoxA + 4F 7CA73318 25 Bytes [ 7C, 9D, 0C, 18, 1F, 19, 17, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellMessageBoxA + 69 7CA73332 27 Bytes [ FF, AA, D3, A3, BD, 7B, DC, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFlushClipboard + 3A 7CA733D1 30 Bytes [ FF, FF, C6, DB, D8, E8, 2E, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFlushClipboard + 59 7CA733F0 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFlushClipboard + 5C 7CA733F3 29 Bytes CALL BAE87616
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFlushClipboard + 7A 7CA73411 157 Bytes [ FF, FF, C6, CC, B0, E5, 16, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFlushClipboard + 118 7CA734AF 2 Bytes [ FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathIsSlowA + A 7CA74053 9 Bytes [ 03, 00, 00, 00, 19, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathIsSlowA + 15 7CA7405E 46 Bytes [ 00, 10, 00, 00, 00, 0A, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathIsSlowA + 44 7CA7408D 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathIsSlowA + 54 7CA7409D 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathIsSlowA + 71 7CA740BA 6 Bytes [ 00, 00, 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathGetShortPath + 2 7CA74448 8 Bytes [ 00, 8A, B8, F7, 00, 73, 99, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathGetShortPath + B 7CA74451 16 Bytes [ 50, 6A, D7, 00, 26, 33, C0, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathGetShortPath + 1D 7CA74463 28 Bytes [ 82, 00, 00, 00, 60, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathGetShortPath + 3A 7CA74480 7 Bytes [ 44, 75, C6, FF, 3A, 91, EE ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathGetShortPath + 42 7CA74488 45 Bytes [ 49, AF, FF, FF, 5D, C3, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!IsLFNDriveA + 2 7CA745C4 47 Bytes [ 76, DC, FF, FF, 76, DC, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!IsLFNDriveA + 32 7CA745F4 14 Bytes [ 61, 6F, AB, FF, 44, 75, C6, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!IsLFNDriveA + 41 7CA74603 15 Bytes [ FF, 5D, C3, FF, FF, 48, A9, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathQualify + 7 7CA74613 1 Byte [ 1C ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathQualify + 9 7CA74615 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathQualify + 15 7CA74621 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathQualify + 25 7CA74631 38 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathQualify + 4C 7CA74658 47 Bytes [ 22, A9, DA, FF, BF, E6, F2, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathMakeUniqueName + 4E 7CA74A42 5 Bytes [ EC, FF, FF, FF, E9 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathMakeUniqueName + 55 7CA74A49 18 Bytes [ FF, E3, FF, FF, FF, DB, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathMakeUniqueName + 68 7CA74A5C 3 Bytes [ FF, F2, BF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathMakeUniqueName + 6C 7CA74A60 7 Bytes [ FF, FC, D0, FF, FF, D9, AA ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PathMakeUniqueName + 74 7CA74A68 15 Bytes [ E3, B1, 94, FF, BC, 92, 92, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PickIconDlg + 9 7CA75898 14 Bytes [ B5, E2, F2, FF, D3, EE, F9, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PickIconDlg + 19 7CA758A8 115 Bytes [ DB, FB, FF, FF, D0, FC, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PickIconDlg + 8D 7CA7591C 2 Bytes [ 9F, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PickIconDlg + 90 7CA7591F 2 Bytes [ FF, 99 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PickIconDlg + 93 7CA75922 19 Bytes [ FF, FF, 99, FF, FF, FF, 99, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHInvokePrinterCommandA + 2 7CA766B0 55 Bytes [ 91, 9F, B4, FF, 4B, 69, B2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHInvokePrinterCommandA + 3B 7CA766E9 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHInvokePrinterCommandA + 5A 7CA76708 31 Bytes [ 80, E6, FF, FF, 8F, C5, D5, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHInvokePrinterCommandA + 7A 7CA76728 3 Bytes [ 9F, B3, BE ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHInvokePrinterCommandA + 7E 7CA7672C 3 Bytes [ 96, C9, D7 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLL + C 7CA76847 60 Bytes [ FF, 9D, F9, FC, FF, 0C, 71, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLL + 49 7CA76884 11 Bytes [ C4, A7, 9C, FF, F9, F5, E1, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLL + 55 7CA76890 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLL + 58 7CA76893 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLL + 5B 7CA76896 2 Bytes [ F6, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLLW + B 7CA768CB 14 Bytes [ FF, 42, BF, DF, FF, 00, 1A, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLLW + 1B 7CA768DB 36 Bytes [ 0D, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLLW + 40 7CA76900 11 Bytes [ 56, 95, B5, FF, D7, C2, AA, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLLW + 4C 7CA7690C 7 Bytes [ FF, FF, F0, FF, FF, FF, FA ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!PrintersGetCommand_RunDLLW + 54 7CA76914 7 Bytes [ FF, FF, F9, FF, FF, FF, ED ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAddFromPropSheetExtArray + 16 7CA76CF4 67 Bytes [ A6, DD, F2, FF, A8, FA, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHReplaceFromPropSheetExtArray + 2 7CA76D38 74 Bytes [ 8D, F6, FC, FF, 71, E4, F2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHReplaceFromPropSheetExtArray + 4D 7CA76D83 28 Bytes [ FF, 99, FF, FF, FF, 99, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHReplaceFromPropSheetExtArray + 6A 7CA76DA0 18 Bytes [ 99, FF, FF, FF, 99, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHReplaceFromPropSheetExtArray + 7E 7CA76DB4 36 Bytes [ 99, FF, FF, FF, 99, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHReplaceFromPropSheetExtArray + A3 7CA76DD9 20 Bytes [ 94, C6, 42, 00, 85, B1, 25, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreatePropSheetExtArray + 2 7CA76F10 22 Bytes [ D5, FE, FF, FF, B9, E4, F2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreatePropSheetExtArray + 19 7CA76F27 40 Bytes [ 00, 00, 99, CC, 30, 00, 92, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreatePropSheetExtArray + 42 7CA76F50 15 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreatePropSheetExtArray + 52 7CA76F60 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreatePropSheetExtArray + 58 7CA76F66 13 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryPoint + 58 7CA770DB 28 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryFile + 7 7CA770F8 22 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryFile + 1E 7CA7710F 25 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryFile + 38 7CA77129 11 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryFile + 44 7CA77135 30 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!DragQueryFile + 63 7CA77154 10 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialogEx + 158 7CA779B8 570 Bytes [ BB, BB, BB, BB, BB, B8, 07, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialogEx + 393 7CA77BF3 3 Bytes [ 00, 00, 3F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialogEx + 399 7CA77BF9 38 Bytes [ FC, 00, 00, 00, 1F, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialogEx + 3C0 7CA77C20 14 Bytes [ FF, E0, 00, 00, 00, 03, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialogEx + 3CF 7CA77C2F 159 Bytes [ 00, FF, C0, 00, 00, 00, 03, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialog + 7 7CA78154 17 Bytes [ 30, 00, 00, 00, 60, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialog + 19 7CA78166 113 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialog + 8B 7CA781D8 51 Bytes [ 7D, 33, 25, 00, EC, 65, 4B, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialog + BF 7CA7820C 23 Bytes [ B6, 63, 4B, 00, FF, 8F, 70, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!RestartDialog + D7 7CA78224 83 Bytes [ FF, A7, 8F, 00, FF, AF, 99, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHOpenPropSheetW + 226 7CA78D2F 165 Bytes JMP 6E9A7B1E
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHOpenPropSheetW + 2CC 7CA78DD5 171 Bytes [ 02, 02, 02, 02, 02, 02, 02, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHOpenPropSheetW + 378 7CA78E81 23 Bytes [ FF, FE, 00, 7F, FF, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHOpenPropSheetW + 390 7CA78E99 7 Bytes [ FF, 80, 00, 00, FF, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHOpenPropSheetW + 398 7CA78EA1 15 Bytes [ FF, 00, 00, 00, 7F, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesW + 39 7CA7A7A9 2 Bytes [ 48, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesW + 3C 7CA7A7AC 31 Bytes [ D3, 42, 00, FF, D0, 3F, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesW + 5C 7CA7A7CC 50 Bytes [ 7C, 63, 27, FF, 83, 63, 2A, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesW + 8F 7CA7A7FF 1 Byte [ 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesW + 91 7CA7A801 4 Bytes [ 00, 00, 00, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesA + 16 7CA7A82F 40 Bytes [ FF, D0, 3F, 00, FF, D7, 46, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesA + 3F 7CA7A858 4 Bytes [ 00, 7E, 00, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesA + 44 7CA7A85D 14 Bytes [ 7B, 00, FF, 00, 77, 00, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesA + 53 7CA7A86C 27 Bytes [ E1, 50, 00, FF, DD, 4C, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CheckEscapesA + 6F 7CA7A888 66 Bytes [ A6, 35, 00, FF, 4D, 63, 10, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrCpyNW + 2 7CA7A910 19 Bytes [ 00, 88, 00, FF, 00, 83, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrCpyNW + 16 7CA7A924 78 Bytes [ 00, 7F, 00, FF, 2C, 75, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrCpyNA + 24 7CA7A973 18 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrCpyNA + 37 7CA7A986 49 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpW + 2D 7CA7A9B8 17 Bytes [ F8, 67, 00, FF, FE, 6D, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpW + 3F 7CA7A9CA 20 Bytes [ 00, FF, 00, 8F, 00, FF, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpW + 54 7CA7A9DF 4 Bytes [ FF, 00, 89, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpW + 59 7CA7A9E4 27 Bytes [ 1E, 7C, 00, FF, 8F, 75, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpW + 75 7CA7AA00 50 Bytes [ D3, 42, 00, FF, D0, 3F, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpA + 22 7CA7AA33 4 Bytes [ 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpA + 27 7CA7AA38 68 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpA + 6C 7CA7AA7D 58 Bytes [ 71, 00, FF, FF, 75, 00, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIW + 2F 7CA7AAB8 43 Bytes [ AB, 68, 00, FF, 16, 68, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIW + 5B 7CA7AAE4 27 Bytes [ 69, 1B, 00, D0, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIA + A 7CA7AB00 3 Bytes [ 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIA + E 7CA7AB04 35 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIA + 32 7CA7AB28 12 Bytes [ F2, 61, 00, FF, F7, 65, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIA + 3F 7CA7AB35 6 Bytes [ 71, 00, FF, FF, 75, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCmpIA + 46 7CA7AB3C 10 Bytes [ FF, 7E, 00, FF, FF, 7F, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCpyW + 2 7CA7AB70 35 Bytes [ FF, 72, 00, FF, C9, 74, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCpyW + 26 7CA7AB94 31 Bytes [ 2A, 63, 00, FF, 46, 63, 0C, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCpyW + 46 7CA7ABB4 39 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCpyA + 23 7CA7ABDC 22 Bytes [ D7, 46, 00, FF, E3, 52, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrNCpyA + 3B 7CA7ABF4 21 Bytes [ EC, 70, 00, FF, E0, 70, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrW + 1 7CA7AC0A 15 Bytes [ 00, FF, D7, 80, 00, FF, 98, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrW + 11 7CA7AC1A 1 Byte [ 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrW + 13 7CA7AC1C 15 Bytes [ FF, 92, 00, FF, FF, 8F, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrW + 23 7CA7AC2C 23 Bytes [ FF, 81, 00, FF, E7, 81, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrW + 3B 7CA7AC44 3 Bytes [ 00, 71, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrA + 1F 7CA7AC95 26 Bytes [ FC, 9E, F2, D3, 42, 00, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrA + 3A 7CA7ACB0 3 Bytes [ C7, 61, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrA + 3E 7CA7ACB4 15 Bytes [ 73, 5D, 00, FF, 15, 5D, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrA + 4E 7CA7ACC4 27 Bytes [ 22, 51, 00, FF, 39, 56, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrRStrA + 6A 7CA7ACE0 3 Bytes [ FC, 9B, 00 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SheGetPathOffsetW + 70 7CA7ADA8 11 Bytes [ FF, 9D, 00, FF, FF, 93, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SheGetDirW + 2 7CA7ADB4 36 Bytes [ FF, 85, 00, FF, 85, 86, 00, ... ]
cally120 is offline  
Old 04-29-2007, 08:23 AM   #10
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



GMER continued:

.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellItem + 25 7CAC1CD3 92 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellItem + 83 7CAC1D31 13 Bytes [ 45, 38, 5C, FF, FF, 38, 75, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellItem + 91 7CAC1D3F 44 Bytes [ FF, 75, 45, 38, 5C, 6F, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellItem + BE 7CAC1D6C 29 Bytes [ 38, 26, FF, FF, 75, 26, 26, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateFileExtractIconW + A 7CAC1E24 26 Bytes [ 01, 00, 08, 00, A8, 0E, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateFileExtractIconW + 25 7CAC1E3F 7 Bytes [ 00, 01, 00, 08, 00, 68, 05 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateFileExtractIconW + 2E 7CAC1E48 4 Bytes [ EA, 01, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateFileExtractIconW + 35 7CAC1E4F 10 Bytes [ 00, 28, 00, 00, 00, 30, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateFileExtractIconW + 40 7CAC1E5A 20 Bytes [ 00, 00, 01, 00, 04, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAppBarMessage + C 7CAC3063 24 Bytes [ 77, 00, 00, 00, 40, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAppBarMessage + 27 7CAC307E 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAppBarMessage + 33 7CAC308A 37 Bytes [ 00, 00, 00, 00, 00, 06, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAppBarMessage + 59 7CAC30B0 22 Bytes [ 63, 4E, 4E, E5, 94, 94, 94, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHAppBarMessage + 70 7CAC30C7 1 Byte [ 8C ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadInProc + D 7CAC31BC 27 Bytes [ E5, E5, E5, FF, C5, C5, C5, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHEnableServiceObject + 11 7CAC31D8 32 Bytes [ 61, 61, 61, FF, 80, 80, 80, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHSetInstanceExplorer + 11 7CAC31F9 30 Bytes [ 00, 00, 00, 00, 00, 00, 14, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetInstanceExplorer + 1A 7CAC3218 35 Bytes [ E5, E5, E5, FF, D2, D2, D2, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetInstanceExplorer + 3E 7CAC323C 11 Bytes [ 81, 81, 81, FF, 79, 79, 79, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetInstanceExplorer + 4A 7CAC3248 8 Bytes [ 94, 94, 94, FF, 94, 94, 94, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetInstanceExplorer + 53 7CAC3251 54 Bytes [ 00, 00, 8F, 00, 00, 00, 2F, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetInstanceExplorer + 8A 7CAC3288 15 Bytes [ 81, 81, 81, FF, 84, 84, 84, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolderW + 63 7CAC61FC 6 Bytes [ D8, 7E, 1F, FF, FC, AD ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolderW + 6A 7CAC6203 49 Bytes [ FF, CC, 72, 25, FF, 5D, 1F, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolderW + 9C 7CAC6235 6 Bytes [ B4, 52, FF, FF, B4, 52 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolderW + A3 7CAC623C 59 Bytes [ FF, B4, 52, FF, FF, B4, 52, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolderW + DF 7CAC6278 7 Bytes [ F4, FD, FE, FF, F4, FD, FE ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolder + 15 7CAC62A8 15 Bytes [ F4, FD, FE, FF, F4, FD, FE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolder + 25 7CAC62B8 7 Bytes [ DD, 91, 3F, FF, FC, AF, 4D ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolder + 2D 7CAC62C0 17 Bytes [ FF, B4, 52, FF, CC, 74, 29, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolder + 40 7CAC62D3 28 Bytes [ 13, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHBrowseForFolder + 5D 7CAC62F0 7 Bytes [ FF, E6, B1, FF, FF, CB, 80 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!WOWShellExecute + 2 7CAC7660 29 Bytes CALL 67AC6557
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!WOWShellExecute + 20 7CAC767E 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!WOWShellExecute + 26 7CAC7684 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!WOWShellExecute + 29 7CAC7687 5 Bytes [ FF, FF, FB, F8, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!WOWShellExecute + 2F 7CAC768D 2 Bytes [ F9, F3 ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLL + 20 7CAC7814 15 Bytes [ F6, E4, BF, FF, F9, D1, 8F, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLL + 30 7CAC7824 33 Bytes [ F3, FD, FE, FF, F3, FD, FE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLL + 52 7CAC7846 21 Bytes [ 00, 0F, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLLW + 2 7CAC785C 31 Bytes [ FF, B8, 5B, FF, FF, B8, 5B, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLLW + 22 7CAC787C 15 Bytes [ F6, FD, FE, FF, F6, FD, FE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLLW + 32 7CAC788C 27 Bytes [ F6, FD, FE, FF, F6, FD, FE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLLW + 4E 7CAC78A8 51 Bytes [ F6, FD, FE, FF, EE, E1, CF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!ShellExec_RunDLLW + 82 7CAC78DC 54 Bytes [ FF, ED, BA, FF, FF, E1, A4, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateProcessAsUserW + 2 7CAC841C 15 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateProcessAsUserW + 12 7CAC842C 30 Bytes [ 00, 00, 00, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateProcessAsUserW + 32 7CAC844C 26 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateProcessAsUserW + 4D 7CAC8467 12 Bytes [ FF, FF, FF, FF, F7, 07, 80, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateProcessAsUserW + 5A 7CAC8474 2 Bytes [ FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHShellFolderView_Message + 6C 7CAC9B60 55 Bytes [ E2, CB, CC, 00, 60, CA, FD, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHShellFolderView_Message + A4 7CAC9B98 119 Bytes [ 51, C1, F4, 00, 84, C6, D4, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHShellFolderView_Message + 11C 7CAC9C10 7 Bytes [ 45, BC, D2, 00, EA, BF, 8F ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHShellFolderView_Message + 124 7CAC9C18 114 Bytes [ 07, C3, DA, 00, 24, BF, D6, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHShellFolderView_Message + 197 7CAC9C8B 40 Bytes [ 00, 1C, AE, CA, 00, 7F, A0, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellFolderViewEx + ED 7CACA070 201 Bytes [ 0A, 07, 06, 04, 40, 57, 5D, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellFolderViewEx + 1B8 7CACA13B 58 Bytes CALL 63938826
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellFolderViewEx + 1F3 7CACA176 149 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellFolderViewEx + 289 7CACA20C 41 Bytes [ E1, FF, FF, FF, C0, 07, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateShellFolderViewEx + 2B3 7CACA236 38 Bytes [ 01, 3F, C0, 00, 00, 1F, C0, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFind_InitMenuPopup + 4A 7CACBD38 57 Bytes [ 64, 64, 64, 00, 63, 63, 63, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFind_InitMenuPopup + 84 7CACBD72 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFind_InitMenuPopup + 8A 7CACBD78 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFind_InitMenuPopup + 94 7CACBD82 58 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFind_InitMenuPopup + CF 7CACBDBD 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFindFiles + 25 7CACD325 4 Bytes [ FF, E7, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFindFiles + 2A 7CACD32A 6 Bytes [ EA, FF, FF, FF, EC, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFindFiles + 32 7CACD332 2 Bytes [ EE, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFindFiles + 35 7CACD335 5 Bytes [ FF, F0, FF, DB, E1 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHFindFiles + 3C 7CACD33C 155 Bytes [ 15, 43, 91, FF, 5B, 79, AD, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHStartNetConnectionDialogW + 1D 7CAD0A00 12 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHStartNetConnectionDialogW + 2B 7CAD0A0E 5 Bytes [ 00, 00, 00, 00, 00 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHStartNetConnectionDialogW + 32 7CAD0A15 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHStartNetConnectionDialogW + 41 7CAD0A24 31 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHStartNetConnectionDialogW + 61 7CAD0A44 38 Bytes [ C0, 77, 77, FF, D3, A7, A7, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexW + B 7CAD294C 45 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexW + 3B 7CAD297C 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexW + 58 7CAD2999 19 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexW + 6C 7CAD29AD 102 Bytes [ 00, 00, 0D, 00, 00, 00, 06, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexW + D3 7CAD2A14 14 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexA + A 7CAD2A23 29 Bytes [ 05, 00, 00, 00, 20, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexA + 28 7CAD2A41 40 Bytes [ 00, 00, 19, 00, 00, 00, 12, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexA + 51 7CAD2A6A 80 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexA + A2 7CAD2ABB 22 Bytes [ 80, 00, 00, 00, 73, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHGetIconOverlayIndexA + BA 7CAD2AD3 43 Bytes [ 2E, 00, 00, 00, 25, 00, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgCreate + F 7CAD357F 9 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgCreate + 19 7CAD3589 27 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgCreate + 35 7CAD35A5 32 Bytes [ E6, E2, FF, FA, FB, F7, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgCreate + 56 7CAD35C6 4 Bytes [ FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgCreate + 5B 7CAD35CB 5 Bytes [ FF, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgWriteMultiple + 38 7CAD4208 5 Bytes [ FF, FF, FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgWriteMultiple + 3E 7CAD420E 17 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgWriteMultiple + 50 7CAD4220 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgWriteMultiple + 54 7CAD4224 2 Bytes [ FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHPropStgWriteMultiple + 57 7CAD4227 5 Bytes [ FF, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLimitInputEdit + 366 7CAD520A 24 Bytes [ F4, F4, F4, F4, F4, E5, CE, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLimitInputEdit + 37F 7CAD5223 149 Bytes [ E5, 8F, 8C, 55, 51, 37, 4F, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHMultiFileProperties + 10 7CAD52B9 183 Bytes [ D2, B3, 4B, 0C, 2C, 33, 33, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHMultiFileProperties + C8 7CAD5371 304 Bytes [ FD, FD, FD, FD, 2F, 54, 53, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHMultiFileProperties + 1F9 7CAD54A2 23 Bytes [ FD, FD, FD, FB, FB, FB, FB, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHMultiFileProperties + 211 7CAD54BA 6 Bytes [ 01, 01, 01, 01, 01, C6 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHMultiFileProperties + 218 7CAD54C1 54 Bytes [ FD, FD, FD, FD, FD, FD, FD, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 1C 7CAD5A6B 44 Bytes [ 00, B5, 94, 87, 00, A7, 9B, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 49 7CAD5A98 63 Bytes [ E2, 9A, 8E, 00, E1, 9B, 90, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 89 7CAD5AD8 71 Bytes [ CC, B4, A9, 00, D6, BA, A9, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + D1 7CAD5B20 79 Bytes [ FF, D8, 96, 00, D9, C2, B1, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 121 7CAD5B70 20 Bytes CALL 78AE204A
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CallCPLEntry16 + 29 7CB2A592 3 Bytes [ FF, FF, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CallCPLEntry16 + 2D 7CB2A596 19 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CallCPLEntry16 + 41 7CB2A5AA 22 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CallCPLEntry16 + 58 7CB2A5C1 12 Bytes [ FF, FF, FF, FF, FF, FF, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!CallCPLEntry16 + 66 7CB2A5CF 6 Bytes [ FF, FF, FF, FF, FF, FF ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLL + 8 7CB5B010 43 Bytes [ FF, DA, DA, FF, FF, DC, DC, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLLW + 8 7CB5B03C 43 Bytes [ FF, FF, CC, FF, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLLW + 34 7CB5B068 14 Bytes [ 80, 80, 66, FF, BF, BF, 99, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLLW + 43 7CB5B077 11 Bytes [ FF, 80, 80, 66, FF, BF, BF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLLW + 4F 7CB5B083 129 Bytes [ FF, 00, 00, 00, FF, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!Options_RunDLLW + D2 7CB5B106 33 Bytes [ 00, FF, 70, 70, 59, FF, EF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateLocalServerRunDll + 3C 7CB5CFB9 11 Bytes [ 00, 00, 00, 00, 0F, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateLocalServerRunDll + 48 7CB5CFC5 40 Bytes [ 1F, 00, 00, FC, 00, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateLocalServerRunDll + 71 7CB5CFEE 4 Bytes [ 00, 00, FF, F8 ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateLocalServerRunDll + 76 7CB5CFF3 3 Bytes [ 00, 1F, FF ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!SHCreateLocalServerRunDll + 7B 7CB5CFF8 82 Bytes [ FF, FE, 00, 00, 7F, FF, 00, ... ]
.text ...
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + 1 7CB9AEE3 109 Bytes [ FF, FF, FF, FF, FF, 83, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + 6F 7CB9AF51 10 Bytes [ FC, 00, 7F, FF, FE, 01, FF, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + 7A 7CB9AF5C 77 Bytes [ FF, FF, 1F, FF, 28, 00, 00, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + C8 7CB9AFAA 152 Bytes [ 00, 00, 5C, 34, 03, 00, 82, ... ]
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe[204] SHELL32.dll!StrStrW + 161 7CB9B043 10 Bytes [ 00, BB, FF, FF, 00, E3, FF, ... ]
.text ...
.text C:\PROGRA~1\McAfee\MSC\mcpromgr.exe[232] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\MSC\mcpromgr.exe[232] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\MSC\mcpromgr.exe[232] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe[320] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe[320] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\COMMON~1\McAfee\RedirSvc\RedirSvc.exe[320] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe[396] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe[396] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\Mcshield.exe[396] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[444] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[444] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe[444] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\McAfee\MPF\MpfSrv.exe[532] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\McAfee\MPF\MpfSrv.exe[532] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\McAfee\MPF\MpfSrv.exe[532] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[668] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[668] user32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[668] user32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\PSIService.exe[696] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\PSIService.exe[696] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\PSIService.exe[696] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F57
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A0056
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F7C
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F8D
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FA8
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F29
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A0071
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A0ED8
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A0EF3
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A008C
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A002F
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0FDE
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A0F46
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0014
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FCD
.text C:\Program Files\Messenger\msmsgs.exe[716] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A0F04
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0029002C
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00290051
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0029001B
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0029000A
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00290F94
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00290FA5
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00290FEF
.text C:\Program Files\Messenger\msmsgs.exe[716] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00290FB6
.text C:\Program Files\Messenger\msmsgs.exe[716] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\Program Files\Messenger\msmsgs.exe[716] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Messenger\msmsgs.exe[716] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 002A0FE5
.text C:\Program Files\Messenger\msmsgs.exe[716] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 002B0FEF
.text C:\Program Files\Messenger\msmsgs.exe[716] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 002B0FDE
.text C:\Program Files\Messenger\msmsgs.exe[716] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 002B0014
.text C:\Program Files\Messenger\msmsgs.exe[716] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 002B0039
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[732] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe[732] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\csrss.exe[792] KERNEL32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\csrss.exe[792] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\winlogon.exe[824] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\winlogon.exe[824] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF000A
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00FF0F70
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF0065
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00FF0F97
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF0FA8
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF0FCA
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00FF0F30
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00FF0076
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF00BF
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF00AE
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00FF0F0B
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00FF0FB9
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00FF0FE5
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00FF0F55
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00FF0036
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00FF001B
.text C:\WINDOWS\system32\services.exe[868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00FF009D
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 009A0FB9
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 009A006C
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 009A000A
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 009A0FD4
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 009A005B
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 009A0040
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 009A0FEF
.text C:\WINDOWS\system32\services.exe[868] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 009A002F
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\services.exe[868] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\services.exe[868] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00970FEF
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01150FEF
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01150F5F
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01150054
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01150F7C
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01150F8D
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01150FAF
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01150F2E
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01150076
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01150EF1
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01150F02
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01150ED6
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01150F9E
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01150014
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01150065
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01150025
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01150FD4
.text C:\WINDOWS\system32\lsass.exe[880] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01150F1D
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01140FC3
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01140076
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01140FD4
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01140FEF
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01140065
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0114004A
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01140000
.text C:\WINDOWS\system32\lsass.exe[880] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01140039
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\lsass.exe[880] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\lsass.exe[880] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00FE0000
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[928] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[928] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe[928] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ctfmon.exe[1020] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ctfmon.exe[1020] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ctfmon.exe[1020] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\ati2evxx.exe[1052] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ati2evxx.exe[1052] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ati2evxx.exe[1052] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00840FEF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00840F30
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00840F41
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0084001B
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 0084000A
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00840F79
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 0084006C
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00840051
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00840EF5
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 0084008E
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 008400A9
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00840F68
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00840FD4
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00840040
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00840F94
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00840FAF
.text C:\WINDOWS\system32\svchost.exe[1068] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 0084007D
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00830FDE
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00830FA8
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0083002F
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00830FEF
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00830065
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 0083004A
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 0083000A
.text C:\WINDOWS\system32\svchost.exe[1068] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00830FC3
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1068] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1068] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00810000
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00B50FEF
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00B50073
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00B50F7E
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00B50FA5
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00B50062
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00B50051
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00B50F52
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00B5009A
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00B500D0
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00B50F41
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00B50F26
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00B50FC0
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00B50014
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00B50F63
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00B50040
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00B50025
.text C:\WINDOWS\system32\svchost.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00B500B5
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00B40FCD
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00B40FA8
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00B4001E
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!
cally120 is offline  
Old 04-29-2007, 08:24 AM   #11

GMER continued:

RegOpenKeyW 77DD770F 5 Bytes JMP 00B40FDE
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00B40065
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00B4004A
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00B40FEF
.text C:\WINDOWS\system32\svchost.exe[1124] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00B40039
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1124] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1124] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00B20FE5
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1240] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1240] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1240] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 01D40FEF
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 01D40FA5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 01D40090
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 01D4007F
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 01D40062
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 01D40040
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 01D400ED
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 01D400D0
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 01D40123
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 01D40108
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 01D40134
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 01D40051
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 01D4000A
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 01D400B5
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 01D40025
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 01D40FD4
.text C:\WINDOWS\system32\svchost.exe[1280] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 01D40F94
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 01D30F9E
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 01D30F4D
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 01D30FB9
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 01D30FD4
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 01D30000
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 01D30F5E
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 01D30FEF
.text C:\WINDOWS\system32\svchost.exe[1280] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 01D30F79
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1280] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1280] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01D0000A
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 01D1000A
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 01D10FE5
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 01D10FD4
.text C:\WINDOWS\system32\svchost.exe[1280] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 01D10025
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00650000
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00650F59
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00650058
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00650F8A
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00650F9B
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00650022
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00650084
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00650F3C
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 006500A9
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00650F10
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00650EEB
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00650047
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00650FDB
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00650069
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00650011
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00650FCA
.text C:\WINDOWS\system32\svchost.exe[1412] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00650F21
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00640FE5
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0064006C
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00640036
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00640025
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0064005B
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00640FB9
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00640000
.text C:\WINDOWS\system32\svchost.exe[1412] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00640FD4
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1412] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1412] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00620000
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1492] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1492] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe[1492] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00980000
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00980082
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00980F8D
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 0098005B
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00980F9E
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00980FAF
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00980F55
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 0098009D
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 009800C2
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00980F29
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00980F0E
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00980036
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00980011
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00980F72
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00980FCA
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00980FDB
.text C:\WINDOWS\system32\svchost.exe[1524] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00980F44
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 0072001B
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00720FAF
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00720FCA
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00720000
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 0072006C
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00720051
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00720FE5
.text C:\WINDOWS\system32\svchost.exe[1524] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00720040
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1524] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1524] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 006F0000
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00700FE5
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00700FCA
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00700FB9
.text C:\WINDOWS\system32\svchost.exe[1524] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 0070000A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[1572] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[1572] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Webroot\Washer\wwDisp.exe[1572] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\spoolsv.exe[1708] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\spoolsv.exe[1708] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00C90FEF
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00C90F41
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00C90036
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00C90F68
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00C90F79
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00C90FB9
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00C9006C
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00C90F26
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00C90EEE
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00C90087
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00C90098
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00C90F94
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00C90FD4
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00C90051
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00C9001B
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00C9000A
.text C:\WINDOWS\system32\svchost.exe[1956] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00C90F09
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00C80F9E
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00C80036
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00C80FB9
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00C80FCA
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00C80025
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00C80014
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00C80FEF
.text C:\WINDOWS\system32\svchost.exe[1956] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00C80F8D
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[1956] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[1956] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 00C60FEF
.text C:\WINDOWS\system32\ati2evxx.exe[1996] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\ati2evxx.exe[1996] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\ati2evxx.exe[1996] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe[2000] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe[2000] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe[2000] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00BF000A
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 00BF0F94
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00BF0FAF
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 00BF0FC0
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00BF007D
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00BF0058
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 00BF00A4
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 00BF0F52
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00BF0F15
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00BF0F26
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 00BF0EF0
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 00BF0FD1
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 00BF001B
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 00BF0F79
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 00BF0047
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 00BF002C
.text C:\WINDOWS\explorer.exe[2116] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00BF0F41
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00BE002F
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 00BE0F72
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 00BE001E
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 00BE0FDE
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00BE0F97
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00BE0FA8
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00BE0FEF
.text C:\WINDOWS\explorer.exe[2116] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00BE0FC3
.text C:\WINDOWS\explorer.exe[2116] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\explorer.exe[2116] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\explorer.exe[2116] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00BC0000
.text C:\WINDOWS\explorer.exe[2116] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00BC0011
.text C:\WINDOWS\explorer.exe[2116] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00BC0022
.text C:\WINDOWS\explorer.exe[2116] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00BC0047
.text C:\WINDOWS\explorer.exe[2116] WS2_32.dll!socket 71AB3B91 5 Bytes JMP 01EA0000
.text C:\ScanPanel\ScnPanel.exe[2356] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\ScanPanel\ScnPanel.exe[2356] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\ScanPanel\ScnPanel.exe[2356] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2368] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2368] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iPod\bin\iPodService.exe[2368] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\blueyonder IST\bin\mpbtn.exe[2372] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\blueyonder IST\bin\mpbtn.exe[2372] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\blueyonder IST\bin\mpbtn.exe[2372] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[2568] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[2568] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\McAfee.com\Agent\mcagent.exe[2568] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\SiteAdvisor\6066\SAService.exe[2680] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\SiteAdvisor\6066\SAService.exe[2680] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SiteAdvisor\6066\SAService.exe[2680] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 001A0FEF
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001A0F5C
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 001A005B
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!LoadLibraryExW 7C801AF1 5 Bytes JMP 001A0F81
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 001A0F9E
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 001A0FB9
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!GetStartupInfoW 7C801E50 5 Bytes JMP 001A0F37
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!GetStartupInfoA 7C801EEE 5 Bytes JMP 001A007D
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001A00C6
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 001A00B5
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!GetProcAddress 7C80ADA0 5 Bytes JMP 001A00E1
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!LoadLibraryW 7C80AE4B 5 Bytes JMP 001A0040
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 001A0014
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreatePipe 7C81E0C7 5 Bytes JMP 001A006C
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateNamedPipeW 7C82F0D4 5 Bytes JMP 001A0025
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!CreateNamedPipeA 7C85FC74 5 Bytes JMP 001A0FDE
.text C:\WINDOWS\system32\svchost.exe[2720] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 001A009A
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyExW 77DD6A78 5 Bytes JMP 00280047
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyExW 77DD7535 5 Bytes JMP 0028008E
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyExA 77DD761B 5 Bytes JMP 0028002C
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyW 77DD770F 5 Bytes JMP 0028001B
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyExA 77DDEAF4 5 Bytes JMP 00280069
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyW 77DF8F7D 5 Bytes JMP 00280058
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegOpenKeyA 77DFC41B 5 Bytes JMP 00280000
.text C:\WINDOWS\system32\svchost.exe[2720] ADVAPI32.dll!RegCreateKeyA 77DFD5BB 5 Bytes JMP 00280FDB
.text C:\WINDOWS\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0B0F5A
.text C:\WINDOWS\system32\svchost.exe[2720] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe[2788] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe[2788] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe[2788] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\system32\alg.exe[3036] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\system32\alg.exe[3036] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\system32\alg.exe[3036] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Windows Media Player\wmpnetwk.exe[3040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\swdsvc.exe[3244] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ C7, 9E, C5, 83 ]
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3280] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3280] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Canon\CAL\CALMAIN.exe[3280] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3420] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3420] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe[3420] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\GMER\carol.exe.exe[3436] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\GMER\carol.exe.exe[3436] kernel32.dll!FreeLibrary + 15 7C80ABF3 4 Bytes [ 45, 54, EF, F4 ]
.text C:\Program Files\GMER\carol.exe.exe[3436] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\GMER\carol.exe.exe[3436] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\WINDOWS\RTHDCPL.EXE[3672] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\WINDOWS\RTHDCPL.EXE[3672] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\WINDOWS\RTHDCPL.EXE[3672] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[3688] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[3688] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE[3688] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[3792] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[3792] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe[3792] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[3816] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[3816] kernel32.dll!CreateThread + 1A 7C810651 4 Bytes [ A7, 94, C3, 83 ]
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[3816] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Spyware Doctor\SDTrayApp.exe[3816] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3840] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3840] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3840] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\QuickTime\qttask.exe[3856] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\QuickTime\qttask.exe[3856] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\QuickTime\qttask.exe[3856] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\SiteAdvisor\6066\SiteAdv.exe[3864] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\SiteAdvisor\6066\SiteAdv.exe[3864] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\SiteAdvisor\6066\SiteAdv.exe[3864] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[4040] kernel32.dll!LoadLibraryExW 7C801AF1 6 Bytes JMP 5F070F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[4040] USER32.dll!SetWindowsHookExW 7E42DDB5 6 Bytes JMP 5F0A0F5A
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[4040] USER32.dll!SetWindowsHookExA 7E4311D1 6 Bytes JMP 5F040F5A

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Carol\Favorites\Education & Jobs\Educational & Teaching Resources :favicon

---- EOF - GMER 1.0.12 ----
cally120 is offline  
Old 04-29-2007, 08:25 AM   #12

Deckard's System Scanner v20070426.43
Run by Carol on 2007-04-29 at 15:11:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2007-04-29 14:12:12 UTC - RP35 - Deckard's System Scanner Restore Point
2: 2007-04-28 10:37:11 UTC - RP34 - System Checkpoint
1: 2007-04-26 22:05:29 UTC - RP33 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-04-29 15:49:19
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.0.5730.11)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MSC\mcmscsvc.exe
C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\McAfee\MSC\mcpromgr.exe
C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
C:\Program Files\McAfee\VirusScan\Mcshield.exe
C:\Program Files\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\McAfee\MPF\MpfSrv.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TextBridge Pro 8.0\Bin\InstantAccess.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Webroot\Washer\wwDisp.exe
C:\ScanPanel\ScnPanel.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\alg.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\Carol\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.virginmedia.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = https://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll (file missing)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar3.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar3.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [{1290A33C-85F5-4164-A1BE-7DD299D4986A}] "C:\Program Files\CyberLink\PowerBackup\PBKScheduler.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Window Washer] C:\Program Files\Webroot\Washer\wwDisp.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ScanPanel.lnk = C:\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra 'Tools' menuitem: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CFA086E-6336-4D95-B6AA-90F564E99631} (TNSClicker.Clicker) - https://www.shopandscan.com/TNSClicker.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - https://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - https://download.macromedia.com/pub/s...irector/sw.cab
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - https://www.trendsecure.com/framework...ex/TmHcmsX.CAB
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - https://tools.ebayimg.com/eps/wl/acti..._v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - https://update.microsoft.com/windowsu...?1145352294743
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - https://update.microsoft.com/microsof...?1147707658640
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - https://www.putfile.com/includes/ImageUploader4.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineconeresearch.com/A...oadcontrol.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://static.photobox.co.uk/sg/common/uploader_uni.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/s...sh/swflash.cab
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\system32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\EmProxy\emproxy.exe
O23 - Service: Google Updater Service (gusvc) - Google - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
O23 - Service: iPod Service - Apple Inc. - "C:\Program Files\iPod\bin\iPodService.exe"
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe"
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - "c:\program files\common files\mcafee\mna\mcnasvc.exe"
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\Program Files\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\RedirSvc\RedirSvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\Mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - "C:\Program Files\McAfee\MPF\MPFSrv.exe"
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\MadeSafe\Nvc\BIN\nipsvc.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe
O23 - Service: Veoh Client Service - Veoh Networks, Inc. - C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\VeohClientService.exe


-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

S3 CoachUsb (Coach Digital Camera on USB) - c:\windows\system32\drivers\coachusb.sys <Not Verified; FotoNation Ltd.; USB Driver for Digital Camera>
S3 CoachVc (Coach Video Capture) - c:\windows\system32\drivers\coachvc.sys <Not Verified; Accapella Ltd.; Video Capture Minidriver for Digital Camera>
S3 HSF_DPV - c:\windows\system32\drivers\hsf_dpv.sys (file missing)
S3 JL2005 (JL2005A Camera) - c:\windows\system32\drivers\toywdm.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 Veoh Client Service - c:\documents and settings\carol\desktop\michael folder\veoh\veohclientservice.exe <Not Verified; Veoh Networks, Inc.; VeohClientService Application>

S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe
S3 NipSvc (Norman API-hooking helper) - c:\madesafe\nvc\bin\nipsvc.exe (file missing)
Old 04-29-2007, 08:26 AM   #13

Deckard continued:
-- Scheduled Tasks -------------------------------------------------------------

2007-04-29 14:57:12 256 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
2007-04-25 02:45:42 350 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-04-25 02:45:34 352 --a------ C:\WINDOWS\Tasks\McQcTask.job
2007-04-23 15:24:19 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2007-03-29 and 2007-04-29 -----------------------------

2007-04-29 14:48:34 0 d-------- C:\Program Files\GMER
2007-04-29 01:08:08 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-04-28 13:12:30 0 d-------- C:\Program Files\CCleaner
2007-04-28 03:16:26 0 d-------- C:\WINDOWS\system32\logs
2007-04-27 23:08:31 75264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-04-27 23:08:30 153088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-04-27 23:08:26 0 d-------- C:\Program Files\Trojan Remover
2007-04-27 23:08:26 0 d-------- C:\Documents and Settings\Carol\Application Data\Simply Super Software
2007-04-27 23:05:31 0 d-------- C:\Documents and Settings\LocalService\Desktop
2007-04-27 23:05:31 0 d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2007-04-27 23:05:09 0 d-------- C:\Program Files\SiteAdvisor
2007-04-27 23:05:09 0 d-------- C:\Documents and Settings\Carol\Application Data\SiteAdvisor
2007-04-27 23:05:09 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-04-25 02:41:40 0 d-------- C:\Program Files\McAfee.com
2007-04-25 02:40:12 0 d-------- C:\Program Files\Common Files\McAfee
2007-04-25 02:38:20 0 d-------- C:\Program Files\McAfee
2007-04-25 02:29:34 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-04-24 03:49:12 0 d-------- C:\Program Files\Webroot
2007-04-24 03:49:12 0 d-------- C:\Program Files\Common Files\Webroot Shared
2007-04-24 03:49:12 0 d-------- C:\Documents and Settings\Carol\Application Data\Webroot
2007-04-24 03:49:03 56832 --a------ C:\WINDOWS\Unwash6.exe <Not Verified; Webroot Software, Inc.; >
2007-04-24 03:05:39 0 d-------- C:\recycled
2007-03-29 00:38:49 0 d-------- C:\Documents and Settings\All Users\eBay


-- Find3M Report ---------------------------------------------------------------

2007-04-28 21:18:13 0 d-------- C:\Documents and Settings\Carol\Application Data\uTorrent
2007-04-27 10:52:15 0 d-------- C:\Program Files\Spyware Doctor
2007-04-27 02:30:58 0 d-------- C:\Documents and Settings\Carol\Application Data\Corel
2007-04-27 02:30:44 2828 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-04-26 22:55:07 0 d-------- C:\Program Files\BitTorrent
2007-04-26 22:08:45 0 d-------- C:\Documents and Settings\Carol\Application Data\BitTorrent
2007-04-25 16:36:14 0 d-------- C:\Program Files\Java
2007-03-28 21:30:20 0 d-------- C:\Program Files\iTunes
2007-03-28 21:29:50 0 d-------- C:\Program Files\iPod
2007-03-28 21:24:46 0 d-------- C:\Program Files\Apple Software Update
2007-03-28 21:11:35 0 d-------- C:\Program Files\QuickTime
2007-03-26 17:31:40 0 d-------- C:\Documents and Settings\Carol\Application Data\bang
2007-03-24 01:52:42 0 d-------- C:\Program Files\CyberLink
2007-03-24 01:52:41 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-03-24 01:15:00 0 d-------- C:\Program Files\ArcSoft
2007-03-21 19:08:11 1485 --a------ C:\WINDOWS\mozver.dat
2007-03-21 03:32:43 0 d-------- C:\Program Files\Common Files\PC Tools
2007-03-15 20:42:49 0 d-------- C:\Program Files\MSN Messenger
2007-03-14 22:12:20 0 d-------- C:\Documents and Settings\Carol\Application Data\Apple Computer
2007-03-01 20:00:54 0 d-------- C:\Program Files\JL2005A
2007-02-15 03:56:03 40466 --a------ C:\WINDOWS\system32\FFScreensaveruninst.exe <Not Verified; ; Forever Friends Screensaver>
2007-02-02 18:13:48 3191021 --a------ C:\WINDOWS\system32\FFValentines screensaver.scr <Not Verified; Hallmark Cards PLC; FFValentine's screensaver>


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{02478D38-C3F9-4EFB-9B51-7695ECA05670} C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
{089FD14D-132B-48FC-8861-0048AE113215} C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
{53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
{5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll [x]
{724d43a9-0d85-11d4-9908-00400523e39a} C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} c:\program files\mcafee\virusscan\scriptcl.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} c:\program files\google\googletoolbar3.dll
{B56A7D7D-6927-48C8-A975-17DF180C71AC} C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll [x]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} C:\Program Files\Windows Live Toolbar\msntb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"{1290A33C-85F5-4164-A1BE-7DD299D4986A}"="\"C:\\Program Files\\CyberLink\\PowerBackup\\PBKScheduler.exe\""
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"InstantAccess"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\INSTAN~1.EXE /h"
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"SDTray"="\"C:\\Program Files\\Spyware Doctor\\SDTrayApp.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SiteAdvisor"="C:\\Program Files\\SiteAdvisor\\6066\\SiteAdv.exe"
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Power2GoExpress"=""
"SpybotSD TeaTimer"="C:\\Program Files\\Spybot - Search & Destroy\\TeaTimer.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""
"RoboForm"="\"C:\\Program Files\\Siber Systems\\AI RoboForm\\RoboTaskBarIcon.exe\""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"Window Washer"="C:\\Program Files\\Webroot\\Washer\\wwDisp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"RegisterDropHandler"="C:\\PROGRA~1\\TEXTBR~1.0\\Bin\\REGIST~1.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdauxservice
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\sdcoreservice

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



-- End of Deckard's System Scanner: finished at 2007-04-29 at 15:50:43 ---------
Old 04-29-2007, 08:27 AM   #14

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) D CPU 2.80GHz
CPU 1: Intel(R) Pentium(R) D CPU 2.80GHz
Percentage of Memory in Use: 68%
Physical Memory (total/avail): 511.48 MiB / 159.19 MiB
Pagefile Memory (total/avail): 1246.79 MiB / 556.6 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1935.93 MiB

C: is Fixed (NTFS) - 153.38 GiB total, 112.93 GiB free.
D: is CDROM (No Media)
E: is Removable (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)


-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: McAfee Personal Firewall v (McAfee)
AV: McAfee VirusScan v (McAfee)


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Carol\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=YOUR-6E1249417D
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Carol
LOGONSERVER=\\YOUR-6E1249417D
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\QuickTime\QTSystem\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 4, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0404
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Carol\LOCALS~1\Temp
TMP=C:\DOCUME~1\Carol\LOCALS~1\Temp
USERDOMAIN=YOUR-6E1249417D
USERNAME=Carol
USERPROFILE=C:\Documents and Settings\Carol
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

Carol (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\BLUEYO~1\Uninstall.exe blueyonder
--> C:\Program Files\Nero\Nero 7\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
--> C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
--> C:\WINDOWS\UNNeroVision.exe /UNINSTALL
--> C:\WINDOWS\UNRecode.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 4.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 4.0\NT\Uninst.dll"
Adobe Flash Player 9 --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
AI RoboForm (All Users) --> "C:\Program Files\Siber Systems\AI RoboForm\rfwipeout.exe"
Apple Software Update --> MsiExec.exe /I{A260B422-70E1-41E2-957D-F76FA21266D5}
ArcSoft PhotoImpression 4 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7D4ED56E-C3DF-46F6-924B-D6774A766943}\Setup.exe" -l0x9
AstraSlim SE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E8177167-5AF4-42EC-AF20-18416E903F0F}\setup.exe"
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,[email protected] -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
Avery Wizard 2.5 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{6B10045E-6789-49C4-BFED-52575F5B76BF}
AVG Anti-Spyware 7.5 --> C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
BitComet 0.73 --> C:\Program Files\BitComet\uninst.exe
BitTorrent 5.0.7 --> "C:\Program Files\BitTorrent\uninstall.exe"
blueyonder Instant Support Tool --> C:\WINDOWS\Motive\blueyonder\MCCUninst.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon i350 --> C:\WINDOWS\system32\CNMCP53.exe "-PRINTERNAMECanon i350" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon i350 Installer\Inst2\cnmi0409.dll"
CANON iMAGE GATEWAY Task --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe"
Corel Paint Shop Pro Photo XI --> MsiExec.exe /I{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}
Digital Camera Device Driver --> C:\PROGRA~1\DIGITA~1\UNWISE.EXE C:\PROGRA~1\DIGITA~1\INSTALL.LOG
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Content Uploader --> C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player --> C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DSXploder --> MsiExec.exe /I{9171AA9F-0A16-4683-9ECA-0428895B8E8B}
Forever Friends Valentine's Screensaver --> C:\WINDOWS\system32\FFScreensaveruninst.exe
ForeverFriends Screensaver --> C:\WINDOWS\system32\FFScreensaveruninst.exe
Google Toolbar for Internet Explorer --> regsvr32 /u /s "c:\program files\google\googletoolbar3.dll"
High Definition Audio Driver Package - KB888111 -->
HijackThis 2.0.0 --> "C:\Documents and Settings\Carol\Desktop\HiJackThis_v2\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
I-Scan --> MsiExec.exe /I{D0F33CC8-6514-4CBA-BEBB-865BE07E842F}
iTunes --> MsiExec.exe /I{AB90749C-7422-4580-8A7A-66CC5E9E5F98}
J2SE Runtime Environment 5.0 Update 10 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
Kaspersky Online Scanner --> C:\WINDOWS\system32\KASPER~1\KASPER~1\kavuninstall.exe
Madesafe --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9BAE6E07-385E-11D7-9FE9-0000865324E5}\setup.exe" -l0x9
McAfee SecurityCenter --> C:\Program Files\McAfee\MSC\mcuninst.exe
MediaShow 3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D5A9B7C0-8751-11D8-9D75-000129760D75}\setup.exe" -uninstall
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional with FrontPage --> MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Plus! for Windows XP --> MsiExec.exe /I{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 7 Ultra Edition --> MsiExec.exe /I{38E0C491-5230-4373-B62E-F1A6E94B1033}
PCI SoftV92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F30&SUBSYS_205514F1\HXFSETUP.EXE -U -IPSCRCTR5K.INF
PhotoNow! 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D36DD326-7280-11D8-97C8-000129760CBE}\setup.exe" -uninstall
PL-2303 USB-to-Serial --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}\Setup.exe" -l0x9 Installed
Power2Go 4.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
PowerBackup 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ADD5DB49-72CF-11D8-9D75-000129760D75}\setup.exe" -uninstall
PowerDVD --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerDVD Copy 1.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E3D04529-6EDB-11D8-A372-0050BAE317E1}\setup.exe" -uninstall
PowerProducer --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
PowerStarter --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Realtek High Definition Audio Driver --> RtlUpd.exe -r
Scientific Atlanta WebSTAR 100 & 200 series Cable Modem --> UNDPX.EXE
Shareaza version 2.2.1.0 --> "C:\Program Files\Shareaza\Uninstall\unins000.exe"
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{95FC661A-A0C5-4B18-92CE-90347DA79CC9}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Spyware Doctor 5.0 --> C:\Program Files\Spyware Doctor\unins000.exe
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
Tabbed Browsing (Windows Live Toolbar) --> MsiExec.exe /X{1707BF02-0F5C-4A6C-8F17-053BB73E443F}
TextBridge Pro 8.0 --> "C:\Program Files\TextBridge Pro 8.0\bin\setup.exe" -funinst.ins
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 Nightlife --> C:\Program Files\EA GAMES\The Sims 2 Nightlife\EAUninstall.exe
The Sims 2 Pets --> C:\Program Files\EA GAMES\The Sims 2 Pets\EAUninstall.exe
Trojan Remover 6.5.9 --> "C:\Program Files\Trojan Remover\unins000.exe"
Turbo Lister 2 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{69640730-B830-4C24-BB5C-222DA1260548}
Uninstall JL2005A Camera --> "C:\Program Files\JL2005A\unins000.exe"
Veoh --> C:\Documents and Settings\Carol\Desktop\Michael folder\Veoh\uninst.exe
Window Washer --> C:\WINDOWS\Unwash6.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
Windows Live Sign-in Assistant --> MsiExec.exe /I{22B3CC30-77B8-419C-AA4B-F571FDF5D66D}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar --> MsiExec.exe /X{9DA72A9F-4246-4C10-B0FA-D8C1037D45F8}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{3727B920-F5A3-46A4-AC02-94F421A039C7}
Windows Live Toolbar Feed Detector (Windows Live Toolbar) --> MsiExec.exe /X{38024121-D084-4E7D-B1A2-1A04CB5C4CF3}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
Yahoo! Toolbar --> C:\PROGRA~1\Yahoo!\Common\unyt.exe


-- End of Deckard's System Scanner: finished at 2007-04-29 at 15:50:43 ---------
cally120 is offline  
Old 04-29-2007, 05:40 PM   #15
Guest
 
Join Date: Nov 2006
Posts: 207
OS:



Quote:
it finds the trojan and deletes it, i restart the pc and it comes back. .

It Says the File is:
Memory\LoadLibraryExW

Are you still getting the message? Can you tell me anything about the trojan it is finding? Is there a name? Could you possibly post (reply) with the whole message?
Susan528 is offline  
Old 04-30-2007, 03:30 PM   #16
Guest
 
Join Date: Apr 2007
Posts: 14
OS:



Hi, it's all been sorted out now, thanks. If anyone else has this problem, here is what we all had to do, as there were a few of us with the same error.

https://www.pctools.com/forum/showthread.php?t=47189
cally120 is offline  
 

All times are GMT -7.

