
[Inactive] Random Freezing

Discussion in 'Malware and Virus Removal Archive' started by amber1970, 2010/01/06.

  1. 2010/01/06
    amber1970 (Thread Starter)

    I had a post in Windows XP about random freezing but could not get that post over here. But here are the logs I was instructed to post.


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 4/12/2004 7:20:55 PM
    System Uptime: 1/6/2010 7:24:46 AM (0 hours ago)

    Motherboard: ASUSTek Computer INC. | | Kelut
    Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2166/167mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 145 GiB total, 112.118 GiB free.
    D: is FIXED (FAT32) - 4 GiB total, 0.613 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    K: is Removable
    L: is Removable
    M: is Removable
    N: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: 1394 Net Adapter
    Device ID: V1394\NIC1394\6922F0E01800
    Manufacturer: Microsoft
    Name: 1394 Net Adapter
    PNP Device ID: V1394\NIC1394\6922F0E01800
    Service: NIC1394

    ==== System Restore Points ===================

    RP430: 11/14/2009 8:09:29 PM - Configured Microsoft Office Professional 2007 Trial
    RP431: 11/16/2009 7:05:22 AM - System Checkpoint
    RP432: 11/17/2009 6:28:03 AM - Software Distribution Service 3.0
    RP433: 11/18/2009 6:51:46 AM - System Checkpoint
    RP434: 11/19/2009 7:16:42 AM - System Checkpoint
    RP435: 11/19/2009 6:33:18 PM - Installed QuickTime
    RP436: 11/20/2009 6:32:10 AM - Software Distribution Service 3.0
    RP437: 11/21/2009 12:22:07 PM - System Checkpoint
    RP438: 11/22/2009 8:29:40 PM - System Checkpoint
    RP439: 11/23/2009 9:48:20 PM - System Checkpoint
    RP440: 11/24/2009 6:24:39 AM - Software Distribution Service 3.0
    RP441: 11/24/2009 6:26:31 AM - Software Distribution Service 3.0
    RP442: 11/24/2009 8:58:19 AM - Software Distribution Service 3.0
    RP443: 11/25/2009 8:47:53 AM - Software Distribution Service 3.0
    RP444: 11/26/2009 9:49:07 AM - Software Distribution Service 3.0
    RP445: 11/27/2009 10:18:53 AM - System Checkpoint
    RP446: 11/28/2009 10:39:30 AM - System Checkpoint
    RP447: 11/29/2009 11:15:15 AM - System Checkpoint
    RP448: 11/30/2009 12:43:52 PM - System Checkpoint
    RP449: 12/1/2009 6:20:46 AM - Software Distribution Service 3.0
    RP450: 12/1/2009 10:53:34 AM - Software Distribution Service 3.0
    RP451: 12/2/2009 2:10:57 PM - System Checkpoint
    RP452: 12/3/2009 1:42:24 PM - Software Distribution Service 3.0
    RP453: 12/4/2009 2:18:32 PM - System Checkpoint
    RP454: 12/5/2009 2:26:31 PM - System Checkpoint
    RP455: 12/6/2009 3:07:23 PM - System Checkpoint
    RP456: 12/7/2009 4:55:56 PM - System Checkpoint
    RP457: 12/8/2009 6:23:14 AM - Software Distribution Service 3.0
    RP458: 12/8/2009 6:40:51 AM - Software Distribution Service 3.0
    RP459: 12/9/2009 6:17:51 AM - Software Distribution Service 3.0
    RP460: 12/9/2009 6:23:15 AM - Software Distribution Service 3.0
    RP461: 12/10/2009 11:30:06 AM - Software Distribution Service 3.0
    RP462: 12/11/2009 6:11:47 AM - Software Distribution Service 3.0
    RP463: 12/12/2009 8:04:27 AM - Software Distribution Service 3.0
    RP464: 12/13/2009 10:03:46 AM - System Checkpoint
    RP465: 12/13/2009 10:56:20 AM - Installed DirectX
    RP466: 12/13/2009 10:58:05 AM - Installed WinDVD
    RP467: 12/14/2009 11:38:00 AM - System Checkpoint
    RP468: 12/15/2009 7:18:47 AM - Software Distribution Service 3.0
    RP469: 12/16/2009 1:08:16 PM - System Checkpoint
    RP470: 12/17/2009 3:11:26 PM - Software Distribution Service 3.0
    RP471: 12/18/2009 10:45:13 AM - Software Distribution Service 3.0
    RP472: 12/19/2009 10:54:52 AM - Software Distribution Service 3.0
    RP473: 12/19/2009 6:17:59 PM - Software Distribution Service 3.0
    RP474: 12/20/2009 8:42:53 PM - System Checkpoint
    RP475: 12/21/2009 9:40:47 AM - Software Distribution Service 3.0
    RP476: 12/22/2009 9:07:34 AM - Software Distribution Service 3.0
    RP477: 12/22/2009 9:25:42 AM - Software Distribution Service 3.0
    RP478: 12/23/2009 10:01:41 AM - Software Distribution Service 3.0
    RP479: 12/24/2009 10:04:21 AM - Software Distribution Service 3.0
    RP480: 12/24/2009 10:20:30 AM - Software Distribution Service 3.0
    RP481: 12/25/2009 10:40:57 AM - Software Distribution Service 3.0
    RP482: 12/26/2009 11:14:54 AM - Software Distribution Service 3.0
    RP483: 12/27/2009 11:54:10 AM - System Checkpoint
    RP484: 12/28/2009 12:40:05 PM - System Checkpoint
    RP485: 12/28/2009 5:21:14 PM - Software Distribution Service 3.0
    RP486: 12/29/2009 6:18:45 PM - System Checkpoint
    RP487: 12/31/2009 9:41:20 AM - Software Distribution Service 3.0
    RP488: 1/1/2010 12:46:48 PM - System Checkpoint
    RP489: 1/2/2010 2:38:10 PM - System Checkpoint
    RP490: 1/3/2010 5:25:25 PM - System Checkpoint
    RP491: 1/4/2010 11:25:41 AM - Software Distribution Service 3.0
    RP492: 1/4/2010 11:55:28 AM - Software Distribution Service 3.0
    RP493: 1/5/2010 1:54:05 PM - System Checkpoint

    ==== Installed Programs ======================


    Acrobat.com
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Asset Services CS3
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Help Viewer CS3
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop CS3
    Adobe Reader 9.1.3
    Adobe Setup
    Adobe Shockwave Player
    Adobe Stock Photos CS3
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    AiO_Scan
    AIOMinimal
    AiOSoftware
    AnswerWorks 4.0 Runtime - English
    AnswerWorks 5.0 English Runtime
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Yahoo! Applications
    ATT-PRT22
    Auslogics Registry Cleaner
    Avanquest update
    Backyard Football
    Bonjour
    CameraDrivers
    CDBurnerXP
    COMODO Internet Security
    Compaq Connections
    Compaq Instant Support
    Compaq Organize
    Copy
    Corel WinDVD 9
    Coupon Printer for Windows
    CreativeProjects
    Critical Update for Windows Media Player 11 (KB959772)
    Director
    Disney Trivia Challenge
    DocProc
    Dr Paper 5
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    ESPN Java Check
    Fax
    Free Window Registry Repair
    GenoPro 2.0.1.6
    Glary Registry Repair 3.2.0.828
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB970653-v3)
    Hotfix for Windows XP (KB976098-v2)
    hp deskjet 3600
    hp deskjet 3600 series
    HP Deskjet Preloaded Printer Drivers
    HP Photo and Imaging 2.0 - Deskjet Series
    HP Product Detection
    HP Software Update
    hpg2436
    hpg3970
    hpg4600
    hpg5530
    hpg8200
    hpmdtab
    HpSdpAppCoreApp
    HPSystemDiagnostics
    InstantShare
    IntelliMover Data Transfer Demo
    iTunes
    Java(TM) 6 Update 15
    KBD
    LG USB Modem driver
    LimeWire 5.2.13
    LiveReg (Symantec Corporation)
    Malwarebytes' Anti-Malware
    Memories Disc Creator 2.0
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Plus! Digital Media Edition
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Windows XP Video Decoder Checkup Utility
    mobile PhoneTools
    MobileMe Control Panel
    Move Media Player
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    Multimedia Card Reader
    NickToons Racing
    NVIDIA GART Driver
    OpenOffice.org Installer 1.0
    overland
    PassAlong Software
    PC-Doctor for Windows
    PCFriendly
    PDF Settings
    PhotoGallery
    PokerStars
    PrintScreen
    PS2
    PSShortcutsP
    Python 2.2 combined Win32 extensions
    Python 2.2.1
    QFolder
    QuickProjects
    QuickTime
    Readme
    RealPlayer
    RecordNow!
    Rugrats(tm) Movie Activity Challenge
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    Safari
    Scan
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB973704)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB973593)
    Security Update for Microsoft Office Outlook 2007 (KB972363)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office Publisher 2007 (KB969693)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Security Update for Step By Step Interactive Training (KB898458)
    Security Update for Step By Step Interactive Training (KB923723)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 8 (KB969897)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB972260)
    Security Update for Windows Internet Explorer 8 (KB974455)
    Security Update for Windows Internet Explorer 8 (KB976325)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player 10 (KB911565)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950759)
    Security Update for Windows XP (KB950760)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951376)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953838)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956390)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958215)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960714)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Sierra Utilities
    SkinsHP1
    SkinsHP2
    SmartDraw 2009
    Sonic Update Manager
    SpamSubtract
    Spy Sweeper Core
    SUPERAntiSpyware Free Edition
    Symantec KB-DocID:2003093015493306
    TrayApp
    TurboTax 2008
    TurboTax 2008 WinPerFedFormset
    TurboTax 2008 WinPerProgramHelp
    TurboTax 2008 WinPerReleaseEngine
    TurboTax 2008 WinPerTaxSupport
    TurboTax 2008 WinPerUserEducation
    TurboTax 2008 wrapper
    TurboTax Basic 2005
    TurboTax Basic 2007
    Unload
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Update for Outlook 2007 Junk Email Filter (kb976884)
    Update for Windows Internet Explorer 8 (KB971180)
    Update for Windows Internet Explorer 8 (KB976749)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VIA Rhine-Family Fast-Ethernet Adapter
    VIA/S3G Display Driver
    Viewpoint Manager (Remove Only)
    Viewpoint Media Player (Remove Only)
    WebFldrs XP
    WebReg
    Webroot AntiVirus with AntiSpyware
    WexTech AnswerWorks
    Windows Defender
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 8
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Search 4.0
    Windows XP Service Pack 3

    ==== Event Viewer Messages From Past Week ========

    12/31/2009 9:49:25 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.71.1568.0).
    12/31/2009 9:47:39 AM, error: WinDefend [2003] - Windows Defender has encountered an error trying to update the engine. New Engine Version: 1.1.5302.0 Previous Engine Version: 1.1.5302.0 Update Source: User User: NT AUTHORITY\SYSTEM Error Code: 0x800704c8 Error description: The requested operation cannot be performed on a file with a user-mapped section open.
    12/31/2009 9:47:39 AM, error: WinDefend [2001] - Windows Defender has encountered an error trying to update signatures. New Signature Version: 1.71.1568.0 Previous Signature Version: 1.71.1568.0 Update Source: User Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: 1.1.5302.0 Previous Engine Version: 1.1.5302.0 Error code: 0x800704c8 Error description: The requested operation cannot be performed on a file with a user-mapped section open.
    12/31/2009 8:18:14 PM, error: Dhcp [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 000EA695A0FB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    12/31/2009 8:09:59 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service upnphost with arguments " " in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    12/31/2009 10:26:41 PM, error: DCOM [10000] - Unable to start a DCOM Server: {9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}. The error: "%2" Happened while starting this command: C:\PROGRA~1\The KMPlayer\KMPlayer.exe -Embedding
    1/4/2010 11:25:52 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.71.1705.0).
    1/2/2010 4:00:52 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 000EA695A0FB has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

    ==== End Of File ===========================




    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Owner at 7:34:24.10 on Wed 01/06/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1471.815 [GMT -5:00]

    AV: Webroot AntiVirus with AntiSpyware *On-access scanning enabled* (Updated) {B3891867-7230-459B-9987-E7CCFA7A7D1D}
    FW: Webroot Internet Security Essentials *disabled* {2DB6657C-B970-44d3-AB42-6325A913CCC2}
    FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    ============== Running Processes ===============

    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\Explorer.EXE
    svchost.exe
    svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\80CQ0UH0\dds[1].scr

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    uStart Page = hxxp://yahoo.sbc.com/dsl
    uSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=yie7c
    mSearch Bar = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    mWinlogon: SFCDisable=-99 (0xffffff9d)
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    EB: &Yahoo! Messenger: {4528bbe0-4e08-11d5-ad55-00010333d0ad} - blank
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [SUPERAntiSpyware] "c:\program files\superantispyware\SUPERAntiSpyware.exe "
    uRunOnce: [Shockwave Updater] "c:\windows\system32\adobe\shockwave 11\SwHelper_1103471.exe" -Update -1103471 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; YPC 3.2.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows-Media-Player/10.00.00.3990; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; IEMB3)" - "http://www.cartoonnetwork.com/games/courage/creeptv/index.html "
    mRun: [hpsysdrv] "c:\windows\system\hpsysdrv.exe "
    mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
    mRun: [AlcxMonitor] "c:\windows\ALCXMNTR.EXE "
    mRun: [DeviceDiscovery] "c:\program files\hp\digital imaging\bin\hpotdd01.exe "
    mRun: [HPHmon05] "c:\windows\system32\hphmon05.exe "
    mRun: [HPHUPD05] "c:\program files\hp\{45b6180b-dcab-4093-8ee8-6164457517f0}\hphupd05.exe "
    mRun: [KBD] "c:\hp\kbd\KBD.EXE "
    mRun: [LTMSG] "c:\windows\LTMSG.exe" 7
    mRun: [PS2] "c:\windows\system32\ps2.exe "
    mRun: [VTTimer] "c:\windows\system32\VTTimer.exe "
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Recguard] "c:\windows\sminst\RECGUARD.EXE "
    mRun: [Sunkist2k] "c:\program files\multimedia card reader\shwicon2k.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [AppleSyncNotifier] "c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe "
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [SpySweeper] c:\program files\webroot\spy sweeper\SpySweeperUI.exe /startintray
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\owner\startm~1\programs\startup\onenote 2007 screen clipper and launcher.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
    Trusted Zone: intuit.com
    Trusted Zone: microsoft.com\*.update
    Trusted Zone: microsoft.com\update
    Trusted Zone: windowsupdate.com\download
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - hxxp://messenger.yahoo.com/maintenance/patch.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
    DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
    DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
    Notify: igfxcui - igfxsrvc.dll
    AppInit_DLLs: c:\windows\system32\guard32.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: {4F07DA45-8170-4859-9B5F-037EF2970034} - No File
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
    LSA: Notification Packages = :\windows\system32\srrst

    ============= SERVICES / DRIVERS ===============

    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-2-4 101776]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-2-4 31504]

    =============== Created Last 30 ================

    2010-01-05 22:19:04 0 dc----w- c:\docume~1\owner\applic~1\Auslogics
    2010-01-05 22:18:49 0 d-----w- c:\program files\Auslogics
    2009-12-14 11:21:29 40 ---ha-w- c:\windows\system32\ivireg.ivr
    2009-12-13 16:04:31 88 -csh--r- c:\docume~1\alluse~1\applic~1\0CE12BA010.sys
    2009-12-13 16:04:30 2516 -csha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2009-12-13 16:03:04 10368 ----a-w- c:\windows\system32\drivers\iviaspi.sys
    2009-12-13 16:00:12 0 dc----w- c:\docume~1\alluse~1\applic~1\Corel
    2009-12-13 15:59:43 0 d-----w- c:\program files\InterVideo
    2009-12-13 15:59:42 0 d-----w- c:\program files\common files\Protexis
    2009-12-13 15:59:42 0 d-----w- c:\program files\common files\InterVideo
    2009-12-13 15:58:57 0 d-----w- c:\program files\Corel
    2009-12-13 15:56:31 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2009-12-13 01:19:30 0 d-----w- c:\program files\DivX
    2009-12-13 01:02:51 0 d-----w- c:\windows\system32\QuickTime
    2009-12-09 21:30:17 84684 ---ha-w- c:\windows\system32\mlfcache.dat
    2009-12-09 11:23:18 0 dc----w- C:\d6accb010fa405dabf25926699304b

    ==================== Find3M ====================

    2009-12-30 19:55:24 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-12-30 19:54:58 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-10-29 07:45:38 916480 ----a-w- c:\windows\system32\wininet.dll
    2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
    2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
    2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
    2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
    2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
    2004-05-15 20:45:49 0 -csha-w- c:\windows\sminst\HPCD.sys

    ============= FINISH: 7:35:45.73 ===============
     
  2. 2010/01/06
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    I see you have P2P software (Azureus, Limewire, BitTorrent, uTorrent etc…) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares and their infections.

    References for the risk of these programs are here, and here.

    I would strongly recommend that you uninstall them.

    Note: Please be advised that continued use of these programs after being warned of the danger of infections from them may result in the discontinued help of future cleaning of your system here at WindowsBBS Malware and Virus removal.

    A Malware expert will have a look at your log in due course.
     
  4. 2010/01/06
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    Thanks

    My daughter was using this program and thought it was gone. But I did uninstall it and it's not coming back. Do I need to do the logs over again and re-post them?
     
  5. 2010/01/06
    Admin.

    Admin. Administrator Administrator Staff

    Joined:
    2001/12/30
    Messages:
    6,687
    Likes Received:
    107
    No. A Malware expert will have a look at your log in due course.
     
  6. 2010/01/06
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Are you running Webroot AV (only) and Comodo firewall (only)?

    Print these instructions out.

    NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe

    ***VERY IMPORTANT! Make sure you update Superantispyware and Malwarebytes before running the scans.***

    STEP 1. Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/

    * Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    * An icon will be created on your desktop. Double-click that icon to launch the program.
    * If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    * Close SUPERAntiSpyware.

    PHYSICALLY DISCONNECT FROM THE INTERNET

    Restart computer in Safe Mode.
    To enter Safe Mode, restart computer, and keep tapping F8 key, until menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen

    * Open SUPERAntiSpyware.
    * Click Scan your Computer... button.
    * Click Scanning Preferences/Control Center... button.
    * Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
    * Click the Scanning Control tab.
    * Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Terminate memory threats before quarantining.
    * Click the Close button to leave the control center screen.
    * On the left, make sure you check C:\Fixed Drive.
    * On the right, choose Perform Complete Scan.
    * Click Next to start the scan. Please be patient while it scans your computer.
    * After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
    * Make sure everything has a checkmark next to it and click Next.
    * A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
    * If asked if you want to reboot, click Yes.
    * To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
    * Click Close to exit the program.
    Post SUPERAntiSpyware log.

    RECONNECT TO THE INTERNET

    RESTART COMPUTER!

    STEP 2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform full scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 3. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    When scan is completed, click Save button, and save the results as gmer.log
    Warning ! Please, do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    RESTART COMPUTER

    STEP 4. Download HijackThis:
    http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator
    Do NOT attempt to "fix" anything!


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. 2010/01/07
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    SUPERAntiSpyware log

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 01/07/2010 at 11:03 AM

    Application Version : 4.33.1000

    Core Rules Database Version : 4455
    Trace Rules Database Version: 2277

    Scan type : Complete Scan
    Total Scan Time : 03:39:19

    Memory items scanned : 239
    Memory threats detected : 0
    Registry items scanned : 7166
    Registry threats detected : 0
    File items scanned : 146138
    File threats detected : 0
     
  8. 2010/01/07
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    Malwarebytes' log

    Malwarebytes' Anti-Malware 1.43
    Database version: 3508
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    1/7/2010 1:41:19 PM
    mbam-log-2010-01-07 (13-41-19).txt

    Scan type: Full Scan (C:\|)
    Objects scanned: 291438
    Time elapsed: 2 hour(s), 14 minute(s), 29 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  9. 2010/01/07
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    Hijackthis log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 4:29:56 PM, on 1/7/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
    C:\WINDOWS\System32\hphmon05.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\LTMSG.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Multimedia Card Reader\shwicon2k.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\WINDOWS\System32\snmp.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Yahoo!\browser\ybrowser.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=61008
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=61008
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../sbcydsl/*http://www.yahoo.com/search/ie.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [hpsysdrv] "c:\windows\system\hpsysdrv.exe "
    O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKLM\..\Run: [AlcxMonitor] "C:\WINDOWS\ALCXMNTR.EXE "
    O4 - HKLM\..\Run: [DeviceDiscovery] "C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe "
    O4 - HKLM\..\Run: [HPHmon05] "C:\WINDOWS\System32\hphmon05.exe "
    O4 - HKLM\..\Run: [HPHUPD05] "c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    O4 - HKLM\..\Run: [KBD] "C:\HP\KBD\KBD.EXE "
    O4 - HKLM\..\Run: [LTMSG] "C:\WINDOWS\LTMSG.exe" 7
    O4 - HKLM\..\Run: [PS2] "C:\WINDOWS\system32\ps2.exe "
    O4 - HKLM\..\Run: [VTTimer] "C:\WINDOWS\system32\VTTimer.exe "
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe "
    O4 - HKLM\..\Run: [Recguard] "C:\WINDOWS\SMINST\RECGUARD.EXE "
    O4 - HKLM\..\Run: [Sunkist2k] "C:\Program Files\Multimedia Card Reader\shwicon2k.exe "
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AppleSyncNotifier] "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe "
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe "
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1103471.exe" -Update -1103471 - "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; YPC 3.2.0; .NET CLR 1.1.4322; .NET CLR 2.0.50727; Windows-Media-Player/10.00.00.3990; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2; IEMB3)" - "http://www.cartoonnetwork.com/games/courage/creeptv/index.html "
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: SBC Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
    O15 - Trusted Zone: *.intuit.com
    O15 - Trusted Zone: http://download.windowsupdate.com
    O16 - DPF: {01020304-0506-0708-090A-0B0C0D0E0F08} - http://messenger.yahoo.com/maintenance/patch.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
    O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
    O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

    --
    End of file - 12170 bytes
     
  10. 2010/01/07
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    Gmer log

    I keep trying to post this log but it won't let me because it's too long. What should I do?
     
  11. 2010/01/07
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    I just want to make sure you're running 1 AV and 1 firewall.

    Split the GMER log between a couple of replies.
     
  12. 2010/01/08
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    Yes, I have Comodo firewall and Avast anti. I closed Webroot because it was expired.
     
  13. 2010/01/08
    amber1970

    amber1970 Inactive Thread Starter

    Joined:
    2006/02/09
    Messages:
    50
    Likes Received:
    0
    GMER log

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-01-07 16:14:24
    Windows 5.1.2600 Service Pack 3
    Running: wiqt87bk[1].exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\kftyiaob.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB8339906]
    SSDT 8A4EB860 ZwAllocateVirtualMemory
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB80836B8]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB8338E66]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB83394C2]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB8083574]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB8338BC0]
    SSDT 8A4B5DA0 ZwCreateProcess
    SSDT 8A4B5D28 ZwCreateProcessEx
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB833ADC0]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB8339AEC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB8338796]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB8339D3A]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB8083A52]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB808314C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB833AA42]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB83390AC]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB83396FA]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB808364E]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB808308C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB833933C]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB80830F0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB808376E]
    SSDT 8A4B58F0 ZwQueueApcThread
    SSDT 8A4EB770 ZwReadVirtualMemory
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB833A496]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB8338CDE]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB808372E]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB833A7FA]
    SSDT 8A4B59E0 ZwSetContextThread
    SSDT 8A50D100 ZwSetInformationKey
    SSDT 8A4B5C38 ZwSetInformationProcess
    SSDT 8A4B5A58 ZwSetInformationThread
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB833ABF0]
    SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB80838AE]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB8339046]
    SSDT 8A4B5BC0 ZwSuspendProcess
    SSDT 8A4B5968 ZwSuspendThread
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB8339230]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB8338A8A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB8338958]
    SSDT 8A4EB7E8 ZwWriteVirtualMemory

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntoskrnl.exe!_abnormal_termination + 104 804E2760 12 Bytes [C0, 8B, 33, B8, A0, 5D, 4B, ...]
    .text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 12 Bytes [C0, 5B, 4B, 8A, 68, 59, 4B, ...]
    .text ntoskrnl.exe!_abnormal_termination + 4A0 804E2AFC 4 Bytes CALL 26D879B8
    init C:\WINDOWS\System32\Drivers\sunkfilt.sys entry point in "init" section [0xF7787300]

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[156] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[156] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[236] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08A10001
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\iTunes\iTunesHelper.exe[240] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
    .text C:\WINDOWS\system32\ctfmon.exe[276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\ctfmon.exe[276] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\ctfmon.exe[276] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\ctfmon.exe[276] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\ctfmon.exe[276] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\ctfmon.exe[276] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[288] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[288] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\HP\KBD\KBD.EXE[296] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\HP\KBD\KBD.EXE[296] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\HP\KBD\KBD.EXE[296] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\HP\KBD\KBD.EXE[296] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\HP\KBD\KBD.EXE[296] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 028D0001
    .text C:\HP\KBD\KBD.EXE[296] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\HP\KBD\KBD.EXE[296] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\HP\KBD\KBD.EXE[296] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\HP\KBD\KBD.EXE[296] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\HP\KBD\KBD.EXE[296] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\HP\KBD\KBD.EXE[296] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\HP\KBD\KBD.EXE[296] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Bonjour\mDNSResponder.exe[332] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 021D0001
    .text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\Explorer.EXE[436] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\Explorer.EXE[436] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\Explorer.EXE[436] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[436] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[520] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[520] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00385810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00385740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003853D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [46, 88]
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 003850E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00385260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrwicon.exe[700] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\windows\system\hpsysdrv.exe[704] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
    .text C:\windows\system\hpsysdrv.exe[704] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\windows\system\hpsysdrv.exe[704] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\windows\system\hpsysdrv.exe[704] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\windows\system\hpsysdrv.exe[704] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
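
The GMER entries above are user-mode inline hooks: the first bytes of an exported function in ntdll, kernel32, ADVAPI32, USER32, GDI32 or ole32 have been overwritten inside a running process, and GMER prints the patched bytes or the branch they form. Reading several hundred of them by hand is error-prone, so the script below is an added triage example (not part of amber1970's post and not GMER's own code) that parses these lines and sorts them into three buckets: hooks whose branch target GMER tied to a module on disk (here guard32.dll), hooks whose JMP or CALL target carries no module name and therefore has to be resolved by the analyst against the process's loaded-module list, and raw byte fragments, which it reassembles per export. The eight sample lines are copied verbatim from the log above; the bucket names and the `triage`, `classify`, `shared_destinations` and `merge_fragments` functions are this example's own.

```python
"""Triage of GMER user-mode hook entries, the '.text ...' lines in the log above.
Added example, not part of the forum post and not GMER's own code. The sample
lines are copied verbatim from this thread's log; the classification rules
(attributed / unattributed / fragment) are this example's own heuristics."""
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# .text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Bytes <patch>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<mod>[^!\s]+)!(?P<sym>\S+)(?:\s\+\s(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<patch>.*)$"
)
# "JMP 10005810 C:\WINDOWS\system32\guard32.dll" or "CALL 08A10001" (no module)
BRANCH_RE = re.compile(
    r"^(?P<kind>JMP|CALL)\s+(?P<dest>[0-9A-Fa-f]{8})(?:\s+(?P<module>.+?))?\s*$"
)
# "[FF, 25, 1E]", optionally followed by GMER's disassembly in braces
BYTES_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f]{2}(?:,\s*[0-9A-Fa-f]{2})*)\]")

# Eight entries taken verbatim from the log in this thread.
SAMPLE_LOG = r"""
.text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[240] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\Program Files\iTunes\iTunesHelper.exe[240] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 08A10001
.text C:\Program Files\iTunes\iTunesHelper.exe[240] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\system32\ctfmon.exe[276] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[276] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D10001
.text C:\WINDOWS\system32\ctfmon.exe[276] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[564] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [46, 88]
"""

def parse_hook(line):
    """Parse one '.text' hook line into a dict; return None for anything else."""
    m = HOOK_RE.match(line.strip())
    if not m:
        return None
    hook = {
        "process": PureWindowsPath(m["proc"].strip()).name,
        "pid": int(m["pid"]),
        "target": f"{m['mod']}!{m['sym']}",
        "offset": int(m["off"], 16) if m["off"] else 0,  # byte offset into the export
        "address": int(m["addr"], 16),
        "size": int(m["size"]),
        "kind": None, "dest": None, "module": None, "bytes": None,
    }
    patch = m["patch"].strip()
    branch, raw = BRANCH_RE.match(patch), BYTES_RE.match(patch)
    if branch:
        hook.update(kind=branch["kind"], dest=int(branch["dest"], 16),
                    module=branch["module"])
    elif raw:
        hook.update(kind="BYTES", bytes=bytes.fromhex(raw["bytes"].replace(",", " ")))
    return hook

def classify(hook):
    """attributed: GMER tied the branch target to a module on disk.
    unattributed: JMP/CALL to an address with no module name; resolve it
    against the process's module list before trusting or condemning it.
    fragment: raw patched bytes, usually one piece of a longer hook."""
    if hook["kind"] == "BYTES":
        return "fragment"
    return "attributed" if hook["module"] else "unattributed"

def shared_destinations(hooks, min_processes=2):
    """Unattributed branch targets that recur at the same address in several
    processes, the signature of one shared image mapped at a fixed base."""
    seen = defaultdict(set)
    for h in hooks:
        if classify(h) == "unattributed":
            seen[h["dest"]].add(f'{h["process"]}[{h["pid"]}]')
    return {f"{d:08X}": sorted(p) for d, p in seen.items() if len(p) >= min_processes}

def merge_fragments(hooks):
    """Reassemble the byte fragments of one export into a single patch string,
    with '??' where GMER printed no byte (e.g. 'FF 25 1E ?? 17 5F')."""
    frags = defaultdict(dict)
    for h in hooks:
        if h["kind"] == "BYTES":
            for i, b in enumerate(h["bytes"]):
                frags[(h["process"], h["pid"], h["target"])][h["offset"] + i] = b
    return {key: " ".join(f"{by_off[i]:02X}" if i in by_off else "??"
                          for i in range(max(by_off) + 1))
            for key, by_off in frags.items()}

def triage(text):
    """Parse a block of GMER output and summarise it for an analyst."""
    hooks = [h for h in map(parse_hook, text.splitlines()) if h]
    counts = defaultdict(int)
    for h in hooks:
        counts[classify(h)] += 1
    return {"hooks": hooks, "counts": dict(counts),
            "shared_destinations": shared_destinations(hooks),
            "merged_fragments": merge_fragments(hooks)}

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("counts:", report["counts"])
    for dest, procs in report["shared_destinations"].items():
        print(f"unattributed target {dest} hooked in {len(procs)} processes: {procs}")
    for (proc, pid, target), patch in report["merged_fragments"].items():
        print(f"{proc}[{pid}] {target}: {patch}")
```

Two things the reassembly makes visible that the raw lines hide. `FF 25` is the opcode of an indirect `jmp dword ptr [imm32]`, so the merged `FF 25 1E ?? 17 5F` at NtCreateKey is a single six-byte hook that GMER reported as a 3-byte and a 2-byte piece; the `??` is the byte GMER did not print. And a destination that is identical across unrelated processes (5F0D0F5A in CreateProcessW here) points at one image mapped at the same base in each of them, whereas the CALL targets in LoadLibraryExW vary per process (08A10001, 00D10001) and so live in per-process memory. Neither observation is a verdict; it only tells the analyst which module to look up in each process before deciding whether a hook belongs to an installed security product or to something that should not be there.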
     
  14. 2010/01/08
    amber1970 (Thread Starter)

    gmer log part 2
    .text C:\windows\system\hpsysdrv.exe[704] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\windows\system\hpsysdrv.exe[704] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\windows\system\hpsysdrv.exe[704] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\windows\system\hpsysdrv.exe[704] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\windows\system\hpsysdrv.exe[704] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\windows\system\hpsysdrv.exe[704] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[840] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 010B0001
    .text C:\WINDOWS\ALCXMNTR.EXE[992] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\ALCXMNTR.EXE[992] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\ALCXMNTR.EXE[992] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\ALCXMNTR.EXE[992] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FF0001
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe[1008] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F80001
    .text C:\WINDOWS\System32\hphmon05.exe[1036] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\System32\hphmon05.exe[1036] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\System32\hphmon05.exe[1036] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\hphmon05.exe[1036] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00BF0001
    .text C:\WINDOWS\system32\VTTimer.exe[1104] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\system32\VTTimer.exe[1104] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\VTTimer.exe[1104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\VTTimer.exe[1104] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E30001
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe[1116] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\WINDOWS\system32\winlogon.exe[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\winlogon.exe[1352] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[1352] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\services.exe[1412] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[1412] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\lsass.exe[1424] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[1424] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1476] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\WRConsumerService.exe[1612] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1720] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1720] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
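Reading the GMER hook listing above (and its continuation in the next post) by hand is tedious: every `.text` line names the hooked process and PID, the `module!export` that was overwritten, the patch address, the number of bytes replaced, and then either a JMP/CALL destination (with the module GMER could attribute it to, here always guard32.dll) or the raw replacement bytes with a disassembly. The script below is an added example written for this archive, not code from the thread, from GMER, or from any of the products named in the log. It parses those lines into records and triages them: hooks that resolve to a named module are checked against an allowlist, while branches to addresses GMER could not attribute and raw byte patches are collected separately, grouped by target so you can see which PIDs share the same absolute destination. The sample input is lines copied from the log in this thread; the allowlist `{"guard32.dll"}` is an assumed analyst allowlist (whether that DLL is legitimate is something you verify from its file properties and digital signature, not something this script decides), and the grouping heuristic is mine, not GMER's.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Sample input: hook lines copied verbatim from the GMER log posted in this thread.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\winlogon.exe[1352] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[1352] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
.text C:\WINDOWS\LTMSG.exe[1800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
.text C:\WINDOWS\LTMSG.exe[1800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
.text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
.text C:\Program Files\Java\jre6\bin\jusched.exe[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
.text C:\Program Files\Java\jre6\bin\jusched.exe[1900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
"""

# One GMER user-mode hook line: ".text <process>[<pid>] <module>!<export>[ + <off>] <addr> <n> Bytes <detail>"
LINE_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes\s+(?P<rest>.*)$"
)
# <detail> is either a branch ("JMP 10005810 C:\...\guard32.dll", module optional) ...
BRANCH_RE = re.compile(r"^(?P<kind>JMP|CALL)\s+(?P<target>[0-9A-Fa-f]{8})(?:\s+(?P<tmod>\S.*))?$")
# ... or raw replacement bytes with an optional disassembly ("[0E, 98] {PUSH CS; CWDE }").
PATCH_RE = re.compile(r"^\[(?P<bytes>[^\]]*)\](?:\s+\{(?P<asm>[^}]*)\})?$")


@dataclass(frozen=True)
class Hook:
    process: str
    pid: int
    module: str
    export: str                   # e.g. "NtCreateKey + 4"; the offset stays part of the name
    address: int
    size: int
    kind: str                     # "JMP", "CALL" or "PATCH"
    target: Optional[int]         # branch destination; None for raw byte patches
    target_module: Optional[str]  # module GMER attributed the destination to, if any
    detail: str                   # bytes and disassembly for PATCH records, else ""


def parse_gmer_hooks(text: str) -> List[Hook]:
    """Turn GMER '.text' hook lines into Hook records; lines of other kinds are skipped."""
    hooks: List[Hook] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank line, section header, or a non-hook GMER line
        export = m["func"] + (f" + {m['off']}" if m["off"] else "")
        base = (m["proc"], int(m["pid"]), m["module"], export, int(m["addr"], 16), int(m["size"]))
        rest = m["rest"].strip()
        b = BRANCH_RE.match(rest)
        if b:
            tmod = b["tmod"].strip() if b["tmod"] else None
            hooks.append(Hook(*base, b["kind"], int(b["target"], 16), tmod, ""))
            continue
        p = PATCH_RE.match(rest)
        if not p:
            raise ValueError(f"unrecognised hook detail: {raw!r}")
        asm = f" {{{p['asm'].strip()}}}" if p["asm"] else ""
        hooks.append(Hook(*base, "PATCH", None, None, p["bytes"] + asm))
    return hooks


def triage(hooks: List[Hook], trusted_modules: Set[str]) -> Dict[str, object]:
    """Split hooks into attributed (checked against an allowlist of DLL names) and unattributed.

    The allowlist is the analyst's own assumption; this function does not know which vendors are safe.
    """
    trusted = {t.lower() for t in trusted_modules}
    per_process: Dict[int, int] = defaultdict(int)          # pid -> hook count
    attributed: Dict[str, Set[str]] = defaultdict(set)      # target module path -> hooked APIs
    untrusted_modules: Set[str] = set()                     # attributed targets not on the allowlist
    unattributed: List[Hook] = []                           # branches to unknown code and raw patches
    shared_targets: Dict[int, Set[int]] = defaultdict(set)  # unattributed branch target -> pids
    for h in hooks:
        per_process[h.pid] += 1
        api = f"{h.module}!{h.export}"
        if h.target_module:
            path = h.target_module.lower()
            attributed[path].add(api)
            if path.rsplit("\\", 1)[-1] not in trusted:
                untrusted_modules.add(h.target_module)
        else:
            unattributed.append(h)
            if h.target is not None:
                shared_targets[h.target].add(h.pid)
    return {"per_process": per_process, "attributed": attributed, "untrusted_modules": untrusted_modules,
            "unattributed": unattributed, "shared_targets": shared_targets}


if __name__ == "__main__":
    report = triage(parse_gmer_hooks(SAMPLE_LOG), trusted_modules={"guard32.dll"})  # assumed allowlist
    for target, pids in sorted(report["shared_targets"].items()):
        print(f"unattributed target {target:08X} hooked in PIDs {sorted(pids)}")
    for mod in sorted(report["untrusted_modules"]):
        print(f"hook target not on allowlist: {mod}")
```

To use it on the whole log, read the saved GMER text file instead of `SAMPLE_LOG`. The `shared_targets` map is the part worth looking at first: an address such as 5F0D0F5A reached from many PIDs means the same code is mapped at the same base in each of those processes, so opening one of them in a process inspector with a DLL view (Process Explorer, for instance) and finding the module that owns that address identifies the hooking component for all of them at once. The raw `[FF, 25, 1E]` patches on NtCreateKey and NtSetValueKey belong in the same investigation, since they are indirect jumps whose destination GMER did not resolve.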
     
  15. 2010/01/08
    amber1970 Inactive Thread Starter

    gmer log #3

    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashDisp.exe[1760] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[1784] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1784] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[1800] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\WINDOWS\LTMSG.exe[1800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00E70001
    .text C:\WINDOWS\LTMSG.exe[1800] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\WINDOWS\LTMSG.exe[1800] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\WINDOWS\LTMSG.exe[1800] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe[1812] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00A40001
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Multimedia Card Reader\shwicon2k.exe[1840] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01450001
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Real\Update_OB\realsched.exe[1848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Windows Defender\MsMpEng.exe[1880] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F70001
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jusched.exe[1900] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[1940] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1940] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\IObit\IObit Security 360\IS360srv.exe[2060] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F00001
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe[2448] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Alwil Software\Avast4\ashWebSv.exe[2548] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[2636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Java\jre6\bin\jqs.exe[2860] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\CDBurnerXP\NMSAccessU.exe[2908] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
     
  16. 2010/01/08
    amber1970

    gmer log part 4

    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\wbem\wmiprvse.exe[3008] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\iPod\bin\iPodService.exe[3024] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe[3072] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\snmp.exe[3160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\snmp.exe[3160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[3184] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[3184] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe[3264] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe[3344] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\PROGRA~1\Yahoo!\browser\ycommon.exe[3464] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!NtCreateKey 7C90D0EE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!NtCreateKey + 4 7C90D0F2 2 Bytes [17, 5F] {POP SS; POP EDI}
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!NtSetValueKey 7C90DDCE 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!NtSetValueKey + 4 7C90DDD2 2 Bytes [14, 5F] {ADC AL, 0x5f}
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00C30001
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] kernel32.dll!CreateProcessW 7C802336 6 Bytes JMP 5F0D0F5A
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] kernel32.dll!CreateProcessA 7C80236B 6 Bytes JMP 5F0A0F5A
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 6 Bytes JMP 5F100F5A
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ADVAPI32.dll!CreateProcessWithLogonW 77E15FFD 3 Bytes [FF, 25, 1E]
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ADVAPI32.dll!CreateProcessWithLogonW + 4 77E16001 2 Bytes [05, 5F]
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ADVAPI32.dll!CreateServiceA 77E37211 6 Bytes JMP 5F190F5A
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ADVAPI32.dll!CreateServiceW 77E373A9 6 Bytes JMP 5F1C0F5A
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\N8LUD7S8\wiqt87bk[1].exe[3472] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\alg.exe[3628] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[3628] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F784A950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F784A710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
    IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\WINDOWS\system32\services.exe[1412] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
    IAT C:\WINDOWS\system32\services.exe[1412] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\PSAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
    IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\PSAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \FileSystem\Ntfs \Ntfs ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    Device \Driver\Tcpip \Device\Ip 8A0E6348
    Device \Driver\Tcpip \Device\Ip 89E835D0

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Tcpip \Device\Tcp 8A0E6348
    Device \Driver\Tcpip \Device\Tcp 89E835D0

    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\Udp 8A0E6348
    Device \Driver\Tcpip \Device\Udp 89E835D0

    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\RawIp 8A0E6348
    Device \Driver\Tcpip \Device\RawIp 89E835D0

    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

    Device \Driver\Tcpip \Device\IPMULTICAST 8A0E6348
    Device \Driver\Tcpip \Device\IPMULTICAST 89E835D0

    AttachedDevice \FileSystem\Fastfat \Fat ssfs0bbc.sys (Spy Sweeper FileSystem Filter Driver/Webroot Software, Inc. (www.webroot.com))
    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
    AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

    ---- EOF - GMER 1.0.15 ----
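The GMER log above lists dozens of IAT hooks, and the useful question for a triager is not "are there hooks?" but "who owns each hook target?". As an added example (not part of the original post and not GMER's own code), the following Python script parses GMER 1.0.15 `IAT` lines, groups hooks by the module GMER attributes the target address to, and separately lists hooks for which GMER printed only a bare target address with no owning module; those are the entries an analyst would chase first, because legitimate security software almost always hooks from a named driver or DLL. The sample lines are copied from the log above; the line layout the regular expressions assume is inferred from those lines, not taken from GMER documentation, and an unattributed hook is a lead to follow up, not by itself proof of malware.

```python
"""Triage the IAT/EAT hook lines of a GMER 1.0.15 log.

Each 'IAT' line names the image whose import table was patched, the
imported symbol that was redirected, the address it now points to and,
when GMER can map that address to a loaded module, the owning module and
its version string.  Layout assumed here is inferred from the posted log.
"""
import re
from collections import Counter

# The redirected import is the only bracket group containing "module!symbol".
_IMPORT_RE = re.compile(r"\[([^\[\]]+![^\[\]]+)\]")
# Text before the import: image, optional [pid], optional "@ patched module".
_HEAD_RE = re.compile(
    r"^(?P<image>.+?)(?:\[(?P<pid>\d+)\])?(?:\s+@\s+(?P<module>.+?))?\s*$"
)
# Text after the import: "[addr] owner (description)" or a bare address
# when GMER found no module at the target.
_TAIL_RE = re.compile(
    r"^\s*(?:\[(?P<addr>[0-9A-Fa-f]+)\]\s+(?P<owner>.+?)(?:\s+\((?P<desc>.*)\))?"
    r"|(?P<bare>[0-9A-Fa-f]+))\s*$"
)


def parse_iat_line(line):
    """Return a dict for one GMER 'IAT ...' line, or None for any other line."""
    line = line.strip()
    if not line.startswith("IAT "):
        return None
    body = line[4:]
    m = _IMPORT_RE.search(body)
    if not m:
        return None
    head = _HEAD_RE.match(body[: m.start()])
    tail = _TAIL_RE.match(body[m.end():])
    if not head or not tail:
        return None
    if tail.group("bare"):
        addr, owner, desc = tail.group("bare"), None, None
    else:
        addr, owner, desc = tail.group("addr"), tail.group("owner"), tail.group("desc")
    return {
        "image": head.group("image"),
        "pid": int(head.group("pid")) if head.group("pid") else None,
        "module": head.group("module"),  # module whose IAT was patched (user mode only)
        "import": m.group(1),            # e.g. KERNEL32.dll!LoadLibraryA
        "addr": int(addr, 16),
        "owner": owner,                  # file GMER mapped the target address to
        "desc": desc,
    }


def triage(lines):
    """Count hooks per owning module; collect hooks GMER could not attribute."""
    by_owner = Counter()
    unattributed = []
    for line in lines:
        rec = parse_iat_line(line)
        if rec is None:
            continue
        if rec["owner"] is None:
            unattributed.append(rec)
        else:
            by_owner[rec["owner"]] += 1
    return {"by_owner": by_owner, "unattributed": unattributed}


# Sample input: lines copied from the GMER log posted above.
SAMPLE_LOG = r"""
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F784A990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F784A770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT C:\WINDOWS\system32\services.exe[1412] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[1412] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
IAT C:\Program Files\Yahoo!\browser\ybrowser.exe[2100] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\ybskin2.dll (Yahoo! Skinning Object/Yahoo! Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
""".strip().splitlines()


def main():
    result = triage(SAMPLE_LOG)
    print("Hooks by owning module:")
    for owner, n in result["by_owner"].most_common():
        print(f"  {n:3d}  {owner}")
    print("Hooks with no owning module (follow up):")
    for rec in result["unattributed"]:
        print(f"  {rec['image']}[{rec['pid']}] {rec['import']} -> {rec['addr']:08X}")


if __name__ == "__main__":
    main()
```

Run it against a full GMER log by replacing `SAMPLE_LOG` with the file's lines; hooks owned by a known, signed security product can usually be set aside, while anything in the unattributed list warrants checking what is mapped at that address in the hooked process.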
     
  17. 2010/01/08
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE. If Combofix asks you to install Recovery Console, please allow it.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
