Apr 17 2008, 01:54 AM
Post #16
Distinguished Member | Group: Members | Posts: 801 | Joined: 25-October 07 | From: Sydney, NSW | Member No.: 165,216

The screen issue still persists >.<

--------------------
"People die of disease and accident. Death comes suddenly and there is no notion of good or bad. It leaves, not a dramatic feeling but great emptiness. When you lose someone you loved very much you feel this big empty space and think, 'If I had known this was coming I would have done things differently.' These are the feelings I wanted to arouse in the players with Aerith's death relatively early in the game. Feelings of reality and not Hollywood." - Yoshinori Kitase

Apr 17 2008, 06:08 PM
Post #17
I will eat your Malware | Group: HJT Team Coach | Posts: 2,269 | Joined: 14-November 04 | From: Ontario | Member No.: 5,056

hmmmm odd.

Open HijackThis
click "config"
click "misc tools"
click "open ADSSpy"
UNcheck "quick scan"
Click "scan"
Wait till it is done.
If any results please save the log and post contents here.

Thanks

--------------------
I'll have an order of massive trojan attack please with a side order of rootkit and virus dip.
Pre-course order of fresh spyware salad please with a side order of polymorphic dressing. And to drink...a nice tall glass of adware! For dessert; can I have a bowl of the freshest worms you have please? Never Give Up! If you are happy with the service I provided, please consider making a donation to help me continue the fight against Malware

Apr 17 2008, 06:23 PM
Post #18
Distinguished Member | Group: Members | Posts: 801 | Joined: 25-October 07 | From: Sydney, NSW | Member No.: 165,216

No results.
Also, I still don't have my auto runs back.

Apr 18 2008, 02:21 AM
Post #19
I will eat your Malware | Group: HJT Team Coach | Posts: 2,269 | Joined: 14-November 04 | From: Ontario | Member No.: 5,056

Hi,

Download Gmer from here: http://www.gmer.net/gmer.zip
Unzip it to its own folder.
Disconnect from internet & shut down Antivirus to prevent conflicts.
To stop avast -- Right click on the @ icon > choose "stop on access protection" or similar. Give it a minute to quit.
Shut down also any other unneeded apps including any open browser windows. The less stuff we got running the less chance of false positives in log.
Double click gmer.exe to run it.
Allow driver to install if asked (gmer.sys)
You may get a warning at program start that there is possible rootkit activity and do you want to run scan. Say OK to run scan. If no warning, just click "scan".
Let the scan finish.
Once done press "save"
In the new window that pops up, give the log a name and save it someplace handy. Press save.
Re-enable your antivirus, re-connect to internet & post that log here

Thanks

Apr 20 2008, 06:48 AM
Post #20
Distinguished Member | Group: Members | Posts: 801 | Joined: 25-October 07 | From: Sydney, NSW | Member No.: 165,216

Sorry, haven't had a chance to run Gmer yet. I will later tonight.

Apr 26 2008, 03:00 AM
Post #21
Distinguished Member | Group: Members | Posts: 801 | Joined: 25-October 07 | From: Sydney, NSW | Member No.: 165,216

Here's the gmer results
C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ] .text C:\WINDOWS\System32\alg.exe[2296] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll .text C:\WINDOWS\System32\alg.exe[2296] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005050 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F80 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001850 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001220 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013B0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ] .text C:\Program Files\iPod\bin\iPodService.exe[3000] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C20 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] USER32.dll!mouse_event 
7E466515 5 Bytes JMP 100016C0 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001540 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004950 C:\WINDOWS\system32\guard32.dll .text C:\Program Files\iPod\bin\iPodService.exe[3000] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AC0 C:\WINDOWS\system32\guard32.dll ---- Devices - GMER 1.0.14 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! 
TDI Filter Driver/ALWIL Software) ---- Kernel IAT/EAT - GMER 1.0.14 ---- IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] 
[F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8571950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8571990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8571710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8571770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO) ---- User IAT/EAT - GMER 1.0.14 ---- IAT C:\WINDOWS\system32\services.exe[728] @ 
C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002 IAT C:\WINDOWS\system32\services.exe[728] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000 ---- Registry - GMER 1.0.14 ---- Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts@mis\xae (TrueType) miss-r.ttf ---- System - GMER 1.0.14 ---- SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF6E50DBA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xF6C87D98] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xF6E50398] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xF6E509DA] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xF6C87CB8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xF6E500FA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xF6E51E20] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF6E50FA0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xF6E4FCCA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xF6E511E4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xF6C8812A] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
self protection module/ALWIL Software) ZwDuplicateObject [0xF6C878AA] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xF6E51AC0] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xF6E50BE4] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xF6C87D2E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xF6C877C8] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xF6E5087E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xF6C8783C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xF6C87E42] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xF6E5191E] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF6E50210] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xF6C87E02] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xF6E5055A] SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xF6E51C60] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! 
Oh s#!T I forgot to shut down my AV..