I need help ASAP and dont know where to start


  • This topic is locked
37 replies to this topic

#1 kymberly

kymberly

  • Banned
  • 387 posts

Posted 28 January 2009 - 10:51 PM

Hello, I am just at odds about this computer. I have done a restore, reformat, re, re, re and still the same thing. I believe that it's in my restore system. I have no restore points whatsoever. I have restored using the disk and still it takes at least 2 days to complete. While doing this with the disk I noticed that a program called "pc angel creator" was being installed. Don't know if that's legit or not. I have had numerous trojans, at times 5 or more. I have now downloaded Comodo firewall and don't know how to configure it. Everything I download is either not started or has been infected while downloading. I have run numerous programs but find nothing. Spyware Forum suggested that I contact you. Since then I have had to use the disk to format all over again. But I believe it's in the restore system. The same thing keeps happening.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:45 PM, on 1/28/2009
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16386)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\COMODO\SafeSurf\cssurf.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO SafeSurf] "C:\Program Files\COMODO\SafeSurf\cssurf.exe" -s
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] c:\program files\uniblue\registrybooster\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Connections.lnk = C:\Program Files\HP Connections\6811507\Program\HP Connections.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll C:\Windows\system32\cssdll32.dll
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: GPXVTKGUGW - Sysinternals - www.sysinternals.com - C:\Users\rj\AppData\Local\Temp\GPXVTKGUGW.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: KDYEQHKWCJ - Sysinternals - www.sysinternals.com - C:\Users\rj\AppData\Local\Temp\KDYEQHKWCJ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LO - Sysinternals - www.sysinternals.com - C:\Users\rj\AppData\Local\Temp\LO.exe
O23 - Service: QEMBNZXA - Sysinternals - www.sysinternals.com - C:\Users\rj\AppData\Local\Temp\QEMBNZXA.exe
O23 - Service: QRWFG - Sysinternals - www.sysinternals.com - C:\Users\rj\AppData\Local\Temp\QRWFG.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7868 bytes



#2 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts

Posted 02 February 2009 - 12:37 AM

I just want to make note of this, that something is writing to the disk!? Whatever that means. My firewall is alerting that a program was writing to disk and I just denied that program but can't remember which program. I am trying to hit all issues so we can pinpoint the problem.

#3 KoanYorel

KoanYorel

    Bleepin' Conundrum


  • Staff Emeritus
  • 19,461 posts
  • Gender:Male
  • Location:65 miles due East of the "Logic Free Zone", in Md, USA

Posted 09 February 2009 - 10:50 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results, click no to the Optional_Scan.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#4 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts

Posted 11 February 2009 - 12:10 AM

Sorry this took me so long, but I encountered several problems trying to download this. When I clicked on dds.pif I got a message from Avira Guard that a virus or unwanted program was found: c:/users/rj/appdata/local/microsoft/windows/.../dds (1).pif. The file contains an executable program that is disguised by a harmless file extension (Hiddentext/crypted). I can't remember what I did with that file; I believe I quarantined or deleted it.

DDS REPORT:

DDS (Ver_09-01-19.01) - NTFSx86 NETWORK
Run by rj at 16:31:47.67 on Sat 01/31/2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.200 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: COMODO Firewall *enabled*
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
c:\program files\avira\antivir personaledition classic\avscan.exe
C:\Users\rj\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3ZF5D7WV\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll

============= SERVICES / DRIVERS ===============

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-28 25104]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-28 99344]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\rj\appdata\local\temp\low\onlinescanner\anti-virus\fsgk.sys [2009-1-28 70144]
S3 GPXVTKGUGW;GPXVTKGUGW;c:\users\rj\appdata\local\temp\GPXVTKGUGW.exe [2009-1-28 531328]
S3 KDYEQHKWCJ;KDYEQHKWCJ;c:\users\rj\appdata\local\temp\KDYEQHKWCJ.exe [2009-1-28 531328]
S3 LO;LO;c:\users\rj\appdata\local\temp\LO.exe [2009-1-28 560000]
S3 QEMBNZXA;QEMBNZXA;c:\users\rj\appdata\local\temp\QEMBNZXA.exe [2009-1-28 494464]
S3 QRWFG;QRWFG;c:\users\rj\appdata\local\temp\QRWFG.exe [2009-1-28 523136]

=============== Created Last 30 ================

2009-01-29 04:22 136,317,143 a------- c:\windows\MEMORY.DMP
2009-01-29 03:53 250 a------- c:\windows\gmer.ini
2009-01-29 00:55 <DIR> --d----- c:\program files\CCleaner
2009-01-28 21:41 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-01-28 21:41 20,920 a------- c:\windows\system32\drivers\compbatt.sys
2009-01-28 21:41 11,264 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-01-28 21:41 28,344 a------- c:\windows\system32\drivers\battc.sys
2009-01-28 21:41 14,208 a------- c:\windows\system32\drivers\CmBatt.sys
2009-01-28 21:33 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-01-28 21:24 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-01-28 21:24 7,680 a------- c:\windows\system32\spwmp.dll
2009-01-28 21:24 4,096 a------- c:\windows\system32\dxmasf.dll
2009-01-28 21:24 4,096 a------- c:\windows\system32\msdxm.ocx
2009-01-28 21:24 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-01-28 21:23 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-01-28 21:23 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-01-28 21:23 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-01-28 21:23 86,016 a------- c:\windows\system32\icfupgd.dll
2009-01-28 21:23 61,952 a------- c:\windows\system32\cmifw.dll
2009-01-28 21:23 16,896 a------- c:\windows\system32\wfapigp.dll
2009-01-28 21:23 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-01-28 21:23 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-01-28 21:23 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-01-28 21:21 2,048 a------- c:\windows\system32\tzres.dll
2009-01-28 21:16 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-01-28 21:16 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-01-28 21:16 109,624 a------- c:\windows\system32\drivers\ataport.sys
2009-01-28 21:16 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-01-28 21:16 25,656 a------- c:\windows\system32\drivers\msahci.sys
2009-01-28 21:16 17,464 a------- c:\windows\system32\drivers\intelide.sys
2009-01-28 21:16 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-01-28 21:16 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-01-28 21:16 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-01-28 21:15 2,923,520 a------- c:\windows\explorer.exe
2009-01-28 21:14 192,000 a------- c:\windows\system32\drivers\usbhub.sys
2009-01-28 21:14 8,704 a------- c:\windows\system32\hccoin.dll
2009-01-28 21:14 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-01-28 21:14 224,768 a------- c:\windows\system32\drivers\usbport.sys
2009-01-28 21:14 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-01-28 21:14 23,040 a------- c:\windows\system32\drivers\usbuhci.sys
2009-01-28 21:14 8,704 a------- c:\windows\system32\hcrstco.dll
2009-01-28 21:06 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-28 21:06 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-01-28 21:06 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-01-28 21:06 24,064 a------- c:\windows\system32\netcfg.exe
2009-01-28 21:06 22,016 a------- c:\windows\system32\netiougc.exe
2009-01-28 21:05 1,808,896 a------- c:\windows\system32\NlsLexicons0046.dll
2009-01-28 21:05 1,793,536 a------- c:\windows\system32\NlsLexicons0045.dll
2009-01-28 21:05 1,558,016 a------- c:\windows\system32\NlsLexicons0049.dll
2009-01-28 21:05 1,411,072 a------- c:\windows\system32\NlsLexicons0047.dll
2009-01-28 21:05 1,782,272 a------- c:\windows\system32\NlsLexicons0039.dll
2009-01-28 21:05 1,236,992 a------- c:\windows\system32\NlsLexicons0020.dll
2009-01-28 21:05 2,136,064 a------- c:\windows\system32\NlsLexicons0021.dll
2009-01-28 21:05 5,499,904 a------- c:\windows\system32\NlsLexicons0022.dll
2009-01-28 21:05 7,964,672 a------- c:\windows\system32\NlsLexicons0024.dll
2009-01-28 21:05 5,791,232 a------- c:\windows\system32\NlsLexicons0026.dll
2009-01-28 21:03 9,845,248 a------- c:\windows\system32\NlsData000a.dll
2009-01-28 21:03 2,641,408 a------- c:\windows\system32\NlsData000c.dll
2009-01-28 21:03 2,340,864 a------- c:\windows\system32\NlsData000d.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData000f.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0414.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0416.dll
2009-01-28 21:03 797,696 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0816.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData081a.dll
2009-01-28 21:03 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData0c1a.dll
2009-01-28 20:44 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-01-28 20:41 82,432 a------- c:\windows\system32\drivers\sdbus.sys
2009-01-28 20:41 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-01-28 20:41 223,232 a------- c:\windows\system32\WMASF.DLL
2009-01-28 20:41 2,048 a------- c:\windows\system32\asferror.dll
2009-01-28 20:39 223,232 a------- c:\windows\system32\SLC.dll
2009-01-28 20:39 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-01-28 20:39 33,280 a------- c:\windows\system32\slwmi.dll
2009-01-28 20:39 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-01-28 20:39 351,232 a------- c:\windows\system32\SLUI.exe
2009-01-28 20:39 186,368 a------- c:\windows\system32\SLLUA.exe
2009-01-28 20:39 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-01-28 20:39 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-01-28 20:39 39,936 a------- c:\windows\system32\slcinst.dll
2009-01-28 20:05 <DIR> --d----- c:\programdata\Avira
2009-01-28 20:05 <DIR> --d----- c:\program files\Avira
2009-01-28 20:05 <DIR> --d----- c:\progra~2\Avira
2009-01-28 19:37 <DIR> --d----- c:\program files\Trend Micro
2009-01-28 18:50 152,576 a------- c:\windows\system32\imagehlp.dll
2009-01-28 18:50 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-01-28 18:50 5,120 a------- c:\windows\system32\wmi.dll
2009-01-28 18:32 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-28 18:32 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-28 18:32 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-28 18:29 8,138,240 a------- c:\windows\system32\ssBranded.scr
2009-01-28 18:29 37,376 a------- c:\windows\system32\printcom.dll
2009-01-28 18:29 441,856 a------- c:\windows\system32\win32spl.dll
2009-01-28 18:28 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-01-28 18:28 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-28 18:28 11,776 a------- c:\windows\system32\sbunattend.exe
2009-01-28 18:28 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-01-28 18:27 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-01-28 18:27 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-01-28 18:27 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-01-28 18:27 2,855,424 a------- c:\windows\system32\mf.dll
2009-01-28 18:27 98,816 a------- c:\windows\system32\mfps.dll
2009-01-28 18:27 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-01-28 18:27 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-28 18:27 2,048 a------- c:\windows\system32\mferror.dll
2009-01-28 18:27 94,720 a------- c:\windows\system32\logagent.exe
2009-01-28 18:27 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-28 18:26 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-01-28 18:26 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-01-28 18:26 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-01-28 18:26 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-01-28 18:26 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-01-28 18:26 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-28 18:26 737,792 a------- c:\windows\system32\inetcomm.dll
2009-01-28 18:26 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-28 18:25 1,327,104 a------- c:\windows\system32\quartz.dll
2009-01-28 18:25 974,336 a------- c:\windows\system32\crypt32.dll
2009-01-28 18:25 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-28 18:24 99,840 a------- c:\windows\system32\poqexec.exe
2009-01-28 18:24 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-28 18:24 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2009-01-28 18:24 2,026,496 a------- c:\windows\system32\win32k.sys
2009-01-28 18:24 633,856 a------- c:\windows\system32\user32.dll
2009-01-28 18:24 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-01-28 18:24 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-28 18:23 750,080 a------- c:\windows\system32\qmgr.dll
2009-01-28 17:06 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RP304UA#ABA)_Y5335KV_0U_QCNF70214TZ_E436462-003_4A_I30BB_SQuanta_V66.3E_F.27_T070626_WV2-0_L409_M502_J80_7Intel_86E8_91.73_#090129_N80861092_(RP304UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-01-28 17:05 <DIR> --d----- c:\users\rj\appdata\roaming\Uniblue
2009-01-28 17:05 44 a------- c:\windows\system\hpsysdrv.dat
2009-01-28 17:04 <DIR> --d----- c:\program files\Uniblue
2009-01-28 17:01 81 a------- c:\windows\system32\LOG
2009-01-28 17:01 <DIR> --d----- c:\users\rj
2009-01-28 16:12 249,592 a------- c:\windows\system32\cssdll32.dll
2009-01-28 16:10 147,192 a------- c:\windows\system32\guard32.dll
2009-01-28 16:10 99,344 a------- c:\windows\system32\drivers\cmdguard.sys
2009-01-28 16:10 25,104 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-01-28 16:10 <DIR> --d----- c:\programdata\comodo
2009-01-28 16:10 <DIR> --d----- c:\progra~2\comodo
2009-01-28 16:10 <DIR> --d----- c:\program files\COMODO
2009-01-28 15:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-28 15:35 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-28 15:35 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-28 00:19 69,632 a------- c:\windows\system32\javacpl.cpl
2009-01-28 00:14 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-01-28 00:07 272,384 a------- c:\windows\system32\ShellvRTF64.dll
2009-01-28 00:07 237,568 a------- c:\windows\system32\ShellvRTF.dll
2009-01-28 00:07 <DIR> --d----- c:\windows\SMINST
2009-01-28 00:06 <DIR> --d----- c:\program files\HPQ
2009-01-28 00:05 8,192 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-01-28 00:05 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-01-28 00:05 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-01-28 00:05 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-01-28 00:05 9,472 a------- c:\windows\system32\drivers\CPQBttn.sys
2009-01-28 00:02 <DIR> --d----- c:\program files\DivX
2009-01-28 00:01 <DIR> --d----- c:\program files\muvee Technologies
2009-01-28 00:01 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-01-27 23:59 <DIR> --d----- c:\program files\Yahoo!
2009-01-27 23:56 <DIR> --d----- c:\program files\earthlink totalaccess
2009-01-27 23:56 <DIR> --d----- c:\program files\Online Services
2009-01-27 23:55 <DIR> --d----- c:\windows\HPCPCUninstall-6811507
2009-01-27 23:55 122,938 a----r-- c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
2009-01-27 23:55 <DIR> --d----- c:\program files\HP Connections
2009-01-27 23:48 <DIR> --d----- c:\programdata\WildTangent
2009-01-27 23:48 <DIR> --d----- c:\progra~2\WildTangent
2009-01-27 23:42 <DIR> --d----- c:\program files\HP Games
2009-01-27 23:40 <DIR> --d----- c:\programdata\Adobe
2009-01-27 23:39 <DIR> --d----- c:\programdata\CyberLink
2009-01-27 23:39 44,544 a------- c:\windows\system32\msxml4a.dll
2009-01-27 23:38 <DIR> --d----- c:\program files\HP
2009-01-27 23:37 <DIR> --d----- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-01-27 23:37 <DIR> --d----- c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-01-27 23:37 <DIR> --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-01-27 23:36 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-27 23:34 <DIR> --d----- c:\windows\PCHEALTH
2009-01-27 23:33 <DIR> --d----- c:\windows\SHELLNEW
2009-01-27 23:32 <DIR> --d----- c:\programdata\Microsoft Help
2009-01-27 23:16 <DIR> --d----- c:\programdata\Symantec
2009-01-27 23:16 <DIR> --d----- c:\progra~2\Symantec
2009-01-27 23:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-01-27 23:15 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-01-27 23:12 <DIR> --d----- c:\programdata\Sonic
2009-01-27 23:10 <DIR> --d----- c:\programdata\Roxio
2009-01-27 23:10 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-27 23:07 <DIR> --d----- c:\program files\Roxio
2009-01-27 23:07 <DIR> --dsh--- c:\windows\Installer
2009-01-27 23:03 <DIR> --d----- c:\programdata\InstallShield
2009-01-27 23:03 73,728 a------- c:\windows\system32\ISUSPM.cpl
2009-01-27 22:06 155,648 a------- c:\windows\system32\igfxres.dll
2009-01-27 22:03 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-01-27 21:56 385,024 a------- c:\windows\system32\igxpun.exe
2009-01-27 21:56 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-01-27 21:56 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-01-27 21:56 <DIR> --d----- c:\windows\system32\x64
2009-01-27 21:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-27 21:55 <DIR> --d----- c:\program files\Synaptics
2009-01-27 21:53 <DIR> --d----- c:\program files\CONEXANT
2009-01-27 21:42 <DIR> --d----- c:\windows\panther
2009-01-27 21:42 <DIR> --d----- c:\windows\OEMCert
2009-01-27 21:42 <DIR> --d-h--- C:\HP

==================== Find3M ====================

2009-01-29 03:35 51,200 a------- c:\windows\inf\infpub.dat
2009-01-29 03:35 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-29 03:35 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-29 03:35 86,016 a------- c:\windows\inf\infstor.dat
2009-01-29 03:32 174 a--sh--- c:\program files\desktop.ini
2009-01-28 21:11 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-28 21:11 826,368 a------- c:\windows\system32\wininet.dll
2009-01-28 21:11 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-01-28 21:11 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-28 21:05 6,224,896 a------- c:\windows\system32\NlsLexicons0027.dll
2009-01-28 20:43 371,712 a------- c:\windows\system32\srcore.dll
2009-01-28 18:30 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 16:32:34.92 ===============

#5 kymberly

Posted 11 February 2009 - 12:36 AM

ATTACHED DDS

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2009 2:49:01 PM
System Uptime: 1/31/2009 3:35:46 PM (1 hours ago)

Motherboard: Quanta | | 30BB
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 52.044 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.793 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8
ASL_HS_Installer32
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
COMODO Internet Security
COMODO SafeSurf
Conexant HD Audio
DivX
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Synaptics Pointing Device Driver

#6 PropagandaPanda

PropagandaPanda


  • Malware Response Team

Posted 11 February 2009 - 04:10 PM

Hello.

Let's see what we can do.

Disable Realtime Protection
Antimalware programs can interfere with the tools we need to run. Please temporarily disable all realtime protections you have enabled. Refer to this page, if you are unsure how.

To disable Avira:
  • Navigate to the system tray in the bottom right-hand corner and look for an open white umbrella on a red background.
  • Right-click it -> untick the option AntiVir Guard enable.
  • You should now see a closed, white umbrella on a red background.

Download and Run ATFCleaner
Please download ATF Cleaner by Atribune. This program will clear out temporary files and settings. You will likely be logged out of the forum where you are receiving help.

This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main Select Files to Delete choose: Select All.
  • Click the Empty Selected button.

Download and Run OTMoveIT
  • Please download OTMoveIt3 by OldTimer to your desktop. If you have already used the program, there is no need to download a new one.
  • Double-click OTMoveIt3.exe to run it. If you are running on Vista, right click on the file and choose Run As Administrator.
  • Copy the lines in the codebox below. Do not copy the word "code".
    :services
    GPXVTKGUGW
    KDYEQHKWCJ
    LO
    QEMBNZXA
    QRWFG
    
    :files
    c:\users\rj\appdata\local\temp\GPXVTKGUGW.exe
    c:\users\rj\appdata\local\temp\KDYEQHKWCJ.exe
    c:\users\rj\appdata\local\temp\LO.exe
    c:\users\rj\appdata\local\temp\QEMBNZXA.exe
    c:\users\rj\appdata\local\temp\QRWFG.exe
    
    :commands
    [emptytemp]
  • Return to OTMoveIt3, right click in the Paste List Of Files/Patterns To Move window (under the yellow bar) and choose Paste.
  • Close all open windows except OTMoveIt.
  • Click the Posted Image button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3.
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key. Navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest ".log" file present, and copy/paste the contents of that document back here in your next post.

Download and Run Scan with GMER
We will use GMER to scan for rootkits.

Please download GMER.zip to your desktop from any of the links below:
LINK1, LINK2
  • Right click on GMER.zip and select "Extract All".
  • Close all other open programs as there is a slight chance your computer will crash.
  • Double click GMER.exe. Your security programs may detect GMER's driver trying to load. Allow it.
  • You may see a warning saying "GMER has detected rootkit activity". If so, select NO.
  • Leaving the settings at default, click Scan.
  • When the scan is complete, click Save and save the log onto your desktop.
Please include the log in your next reply.

Please post back with:
-the OTMoveIt log
-the GMER scan log
-a new DDS.txt log

Please give me an update on the symptoms.

With Regards,
The Panda

#7 kymberly

Posted 12 February 2009 - 12:32 AM

========== SERVICES/DRIVERS ==========
Unable to stop service GPXVTKGUGW .
Unable to stop service KDYEQHKWCJ .
Unable to stop service LO .
Unable to stop service QEMBNZXA .
Unable to stop service QRWFG .
========== FILES ==========
File/Folder c:\users\rj\appdata\local\temp\GPXVTKGUGW.exe not found.
File/Folder c:\users\rj\appdata\local\temp\KDYEQHKWCJ.exe not found.
File/Folder c:\users\rj\appdata\local\temp\LO.exe not found.
File/Folder c:\users\rj\appdata\local\temp\QEMBNZXA.exe not found.
File/Folder c:\users\rj\appdata\local\temp\QRWFG.exe not found.
========== COMMANDS ==========
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 02112009_213046

Results for OTMoveIT3
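
The five services named in the OTMoveIt3 script above share two traits that can be read straight off the DDS "SERVICES / DRIVERS" section: the image sits under a Temp directory, and the service name, display name and file name are all the same string. The Python sketch below is an added example, not part of any post in this thread and not a feature of DDS or OTMoveIt3; the function names are hypothetical, the sample lines are copied from the logs posted here, and it assumes the DDS prefix encodes R/S as running/stopped followed by the service start type.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Lines copied from the DDS "SERVICES / DRIVERS" section posted in this thread.
DDS_SERVICES = r"""
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-28 25104]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-28 99344]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\rj\appdata\local\temp\low\onlinescanner\anti-virus\fsgk.sys [2009-1-28 70144]
S3 GPXVTKGUGW;GPXVTKGUGW;c:\users\rj\appdata\local\temp\GPXVTKGUGW.exe [2009-1-28 531328]
S3 KDYEQHKWCJ;KDYEQHKWCJ;c:\users\rj\appdata\local\temp\KDYEQHKWCJ.exe [2009-1-28 531328]
S3 LO;LO;c:\users\rj\appdata\local\temp\LO.exe [2009-1-28 560000]
S3 QEMBNZXA;QEMBNZXA;c:\users\rj\appdata\local\temp\QEMBNZXA.exe [2009-1-28 494464]
S3 QRWFG;QRWFG;c:\users\rj\appdata\local\temp\QRWFG.exe [2009-1-28 523136]
"""

# Lines copied from the OTMoveIt3 results posted in this thread.
OTM_RESULTS = r"""
File/Folder c:\users\rj\appdata\local\temp\GPXVTKGUGW.exe not found.
File/Folder c:\users\rj\appdata\local\temp\KDYEQHKWCJ.exe not found.
File/Folder c:\users\rj\appdata\local\temp\LO.exe not found.
File/Folder c:\users\rj\appdata\local\temp\QEMBNZXA.exe not found.
File/Folder c:\users\rj\appdata\local\temp\QRWFG.exe not found.
"""

# <state><start type> <name>;<display name>;<image path> [<date> <size>]
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<date>[\d-]+)\s+(?P<size>\d+)\]$"
)
TEMP_RE = re.compile(r"\\(?:appdata\\local\\temp|windows\\temp)\\", re.IGNORECASE)
NOT_FOUND_RE = re.compile(r"^File/Folder (?P<path>.+) not found\.$")


@dataclass
class Service:
    state: str      # "R" or "S" (assumed: running / stopped)
    start: int      # assumed: service start type, 0-4
    name: str
    display: str
    path: str
    size: int


def parse_services(text):
    """Parse DDS service lines; lines that do not match are skipped."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(Service(m["state"], int(m["start"]), m["name"],
                                    m["display"], m["path"], int(m["size"])))
    return services


def reasons(svc):
    """Return the triage reasons that apply to one service entry."""
    found = []
    if TEMP_RE.search(svc.path):
        found.append("image under a Temp directory")
    stem = PureWindowsPath(svc.path).stem
    if svc.name.lower() == svc.display.lower() == stem.lower():
        found.append("service name, display name and file name identical")
    return found


def not_found_paths(text):
    """Collect the paths a removal log reported as 'not found' (lower-cased)."""
    paths = set()
    for line in text.splitlines():
        m = NOT_FOUND_RE.match(line.strip())
        if m:
            paths.add(m["path"].lower())
    return paths


def triage(dds_text, otm_text):
    """List flagged services and whether their image was already gone."""
    missing = not_found_paths(otm_text)
    rows = []
    for svc in parse_services(dds_text):
        why = reasons(svc)
        if why:
            rows.append({"name": svc.name, "reasons": why,
                         "image_missing": svc.path.lower() in missing})
    return rows


if __name__ == "__main__":
    for row in triage(DDS_SERVICES, OTM_RESULTS):
        print(row["name"], "|", "; ".join(row["reasons"]),
              "| image missing:", row["image_missing"])
```

The F-Secure online-scanner driver matches only the Temp-path check, which is why one criterion alone is too broad; an entry with `image_missing` set is a service registration that has outlived its file.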

#8 kymberly

Posted 12 February 2009 - 01:19 AM

Gmer did not run properly on my computer:
GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-11 22:16:48
Windows 6.0.6000


---- Kernel code sections - GMER 1.0.14 ----

.text ntdll.dll!NtCreateFile + 3 7731F417 2 Bytes [ D3, FA ]

---- User code sections - GMER 1.0.14 ----

.text C:\Users\rj\Desktop\gmer\gmer.exe[1480] ntdll.dll!NtCreateFile + 3 7731F417 2 Bytes [ D3, FA ]
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxIndirectParamW 772314EA 5 Bytes JMP 71A2179F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxExA 7724570D 5 Bytes JMP 71A216E6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxParamA 772465BF 5 Bytes JMP 71A21764 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxIndirectW 7724F1B3 5 Bytes JMP 718B16B6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxParamW 7725129F 5 Bytes JMP 7188F301 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!DialogBoxIndirectParamA 772729C9 5 Bytes JMP 71A217DA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxIndirectA 7727FACF 5 Bytes JMP 71A21720 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1960] USER32.dll!MessageBoxExW 7727FBC9 5 Bytes JMP 71A216AC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.14 ----
It scanned but did not list all of the scan. Ran it 3 times. I believe that system has these scans compressed!

#9 kymberly

Posted 12 February 2009 - 01:23 AM

New DDS

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 1/28/2009 2:49:01 PM
System Uptime: 2/11/2009 9:06:39 PM (1 hours ago)

Motherboard: Quanta | | 30BB
Processor: Genuine Intel® CPU T2250 @ 1.73GHz | U2E1 | 1729/533mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 68 GiB total, 54.196 GiB free.
D: is FIXED (NTFS) - 6 GiB total, 0.793 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 9 ActiveX
Adobe Reader 8
ASL_HS_Installer32
AutoUpdate
Avira AntiVir Personal - Free Antivirus
CCleaner (remove only)
COMODO Internet Security
COMODO SafeSurf
Conexant HD Audio
DivX
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent
HijackThis 2.0.2
HP Active Support Library
HP Connections (remove only)
HP Customer Experience Enhancements
HP Easy Setup - Core
HP Easy Setup - Frontend
HP Help and Support
HP Quick Launch Buttons 6.10 B9
HP QuickPlay 3.0
HP Total Care Advisor
HP Update
HP User Guide 0048
HP Wireless Assistant
HPNetworkAssistant
Intel® Graphics Media Accelerator Driver
Java™ SE Runtime Environment 6
LightScribe 1.4.124.1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Works
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 5.0
My HP Games
Roxio Creator Audio
Roxio Creator Basic v9
Roxio Creator Copy
Roxio Creator Data
Roxio Creator EasyArchive
Roxio Creator Tools
Roxio Express Labeler 3
Roxio MyDVD Basic v9
Soft Data Fax Modem with SmartCP
Sonic Activation Module
Synaptics Pointing Device Driver

==== Event Viewer Messages From Past Week ========

2/4/2009 6:32:59 PM, Error: EventLog [6008] - The previous system shutdown at 9:32:29 PM on 2/3/2009 was unexpected.
2/4/2009 6:33:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/4/2009 6:33:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/4/2009 6:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/4/2009 6:33:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/4/2009 6:34:12 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/4/2009 6:34:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avgio avipbb cmdGuard spldr ssmdrv Wanarpv6
2/6/2009 12:36:35 AM, Error: EventLog [6008] - The previous system shutdown at 1:52:20 AM on 2/5/2009 was unexpected.
2/6/2009 12:37:31 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/6/2009 12:37:31 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Health Check Service service to connect.
2/6/2009 12:37:31 AM, Error: Service Control Manager [7000] - The HP Health Check Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2009 12:41:02 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
2/6/2009 12:41:02 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/6/2009 12:46:05 AM, Error: EventLog [6008] - The previous system shutdown at 12:44:12 AM on 2/6/2009 was unexpected.
2/6/2009 3:52:25 PM, Error: EventLog [6008] - The previous system shutdown at 1:17:45 AM on 2/6/2009 was unexpected.
2/6/2009 4:07:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 937287-4_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
2/6/2009 4:07:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 937287-3_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
2/6/2009 4:07:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 937287-2_neutral_PACKAGE from package KB937287(Update) into Staging(Staging) state
2/6/2009 4:07:54 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 937287-1_neutral_GDR from package KB937287(Update) into Staging(Staging) state
2/6/2009 4:07:54 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB937287 (Update) into Staging(Staging) state
2/6/2009 7:20:47 PM, Error: EventLog [6008] - The previous system shutdown at 5:27:19 PM on 2/6/2009 was unexpected.
2/7/2009 11:32:14 AM, Error: EventLog [6008] - The previous system shutdown at 1:33:24 AM on 2/7/2009 was unexpected.
2/7/2009 11:33:29 PM, Error: EventLog [6008] - The previous system shutdown at 2:18:25 PM on 2/7/2009 was unexpected.
2/9/2009 8:37:33 PM, Error: EventLog [6008] - The previous system shutdown at 12:38:55 AM on 2/8/2009 was unexpected.
2/9/2009 10:05:32 PM, Error: EventLog [6008] - The previous system shutdown at 10:04:14 PM on 2/9/2009 was unexpected.
2/9/2009 10:14:22 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-1_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-2_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-6_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-7_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-8_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-9_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-10_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-11_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-12_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-13_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-14_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-15_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-16_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-17_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-18_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-23_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsRecoveryDisc from package WindowsRecoveryDisc(Feature Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update WindowsSidebarKillbits from package WindowsSidebarKillbits(Feature Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update Microsoft-Windows-VistaServicePack-UninstallRemoval-Update from package Microsoft-Windows-VistaServicePack-UninstallRemoval-Package(Feature Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update VistaSP1CEIP from package VistaSP1CEIP(Feature Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-31_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-32_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-33_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-34_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-35_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-38_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-39_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-40_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update CRITDOQ-936330-49_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update CRITDOQ-936330-50_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update CRITDOQ-936330-51_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update CRITDOQ-936330-52_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update CRITDOQ-936330-53_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-54_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-55_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-56_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-57_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-58_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-59_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-60_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-61_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-62_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-63_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-64_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-65_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-66_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-67_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-68_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-69_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-70_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-71_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-72_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-73_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-74_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-75_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-76_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-77_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-78_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-79_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-80_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-81_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-82_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-83_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-84_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-85_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-86_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-87_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-88_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-89_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-90_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-91_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-92_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-93_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-94_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-95_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-96_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-97_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-98_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-99_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-100_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-101_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-102_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-103_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-104_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-105_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-106_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-107_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-108_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-109_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-110_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-111_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-112_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-113_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-114_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-115_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-116_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-117_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-118_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-119_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-120_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-121_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-122_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-123_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:29:25 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 936330-124_neutral_GDR from package KB936330(Service Pack) into Resolving(Resolving) state
2/9/2009 10:35:46 PM, Error: EventLog [6008] - The previous system shutdown at 10:34:26 PM on 2/9/2009 was unexpected.
2/9/2009 10:36:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/9/2009 10:36:26 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/9/2009 10:36:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avgio avipbb cmdGuard cmdHlp DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr ssmdrv Tcpip tdx Wanarpv6
2/10/2009 8:35:19 PM, Error: EventLog [6008] - The previous system shutdown at 11:35:54 PM on 2/9/2009 was unexpected.
2/11/2009 8:58:25 PM, Error: EventLog [6008] - The previous system shutdown at 1:25:44 AM on 2/11/2009 was unexpected.
2/11/2009 9:07:19 PM, Error: EventLog [6008] - The previous system shutdown at 9:05:18 PM on 2/11/2009 was unexpected.

==== End Of File ===========================

#10 kymberly

Posted 12 February 2009 - 01:25 AM

DDS (Ver_09-02-01.01) - NTFSx86 NETWORK
Run by rj at 22:21:30.88 on Wed 02/11/2009
Internet Explorer: 7.0.6000.16764
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.184 [GMT -8:00]

AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: COMODO Firewall *enabled*
FW: Norton Internet Security *disabled*

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\rj\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [COMODO SafeSurf] "c:\program files\comodo\safesurf\cssurf.exe" -s
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [avgnt] "c:\program files\avira\antivir personaledition classic\avgnt.exe" /min
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} - hxxp://support.f-secure.com/ols/fscax.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll

============= SERVICES / DRIVERS ===============

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-1-28 25104]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-28 99344]

=============== Created Last 30 ================

2009-02-11 21:27 <DIR> --d----- C:\_OTMoveIt
2009-02-03 20:24 268,800 a------- c:\windows\system32\es.dll
2009-02-01 19:17 0 a------- c:\users\rj\appdata\roaming\wklnhst.dat
2009-01-29 03:53 250 a------- c:\windows\gmer.ini
2009-01-29 00:55 <DIR> --d----- c:\program files\CCleaner
2009-01-28 21:41 258,232 a------- c:\windows\system32\drivers\acpi.sys
2009-01-28 21:41 20,920 a------- c:\windows\system32\drivers\compbatt.sys
2009-01-28 21:41 11,264 a------- c:\windows\system32\drivers\wmiacpi.sys
2009-01-28 21:41 28,344 a------- c:\windows\system32\drivers\battc.sys
2009-01-28 21:41 14,208 a------- c:\windows\system32\drivers\CmBatt.sys
2009-01-28 21:33 41,984 a------- c:\windows\system32\drivers\monitor.sys
2009-01-28 21:24 8,147,968 a------- c:\windows\system32\wmploc.DLL
2009-01-28 21:24 7,680 a------- c:\windows\system32\spwmp.dll
2009-01-28 21:24 4,096 a------- c:\windows\system32\dxmasf.dll
2009-01-28 21:24 4,096 a------- c:\windows\system32\msdxm.ocx
2009-01-28 21:24 356,864 a------- c:\windows\system32\MediaMetadataHandler.dll
2009-01-28 21:23 396,800 a------- c:\windows\system32\MPSSVC.dll
2009-01-28 21:23 392,192 a------- c:\windows\system32\FirewallAPI.dll
2009-01-28 21:23 63,488 a------- c:\windows\system32\drivers\mpsdrv.sys
2009-01-28 21:23 86,016 a------- c:\windows\system32\icfupgd.dll
2009-01-28 21:23 61,952 a------- c:\windows\system32\cmifw.dll
2009-01-28 21:23 16,896 a------- c:\windows\system32\wfapigp.dll
2009-01-28 21:23 178,688 a------- c:\windows\system32\iphlpsvc.dll
2009-01-28 21:23 23,040 a------- c:\windows\system32\drivers\tunnel.sys
2009-01-28 21:23 15,360 a------- c:\windows\system32\drivers\TUNMP.SYS
2009-01-28 21:21 2,048 a------- c:\windows\system32\tzres.dll
2009-01-28 21:16 1,060,920 a------- c:\windows\system32\drivers\ntfs.sys
2009-01-28 21:16 21,560 a------- c:\windows\system32\drivers\atapi.sys
2009-01-28 21:16 109,624 a------- c:\windows\system32\drivers\ataport.sys
2009-01-28 21:16 45,112 a------- c:\windows\system32\drivers\pciidex.sys
2009-01-28 21:16 25,656 a------- c:\windows\system32\drivers\msahci.sys
2009-01-28 21:16 17,464 a------- c:\windows\system32\drivers\intelide.sys
2009-01-28 21:16 211,000 a------- c:\windows\system32\drivers\volsnap.sys
2009-01-28 21:16 154,624 a------- c:\windows\system32\drivers\nwifi.sys
2009-01-28 21:16 104,448 a------- c:\windows\system32\DWWIN.EXE
2009-01-28 21:15 2,923,520 a------- c:\windows\explorer.exe
2009-01-28 21:14 192,000 a------- c:\windows\system32\drivers\usbhub.sys
2009-01-28 21:14 8,704 a------- c:\windows\system32\hccoin.dll
2009-01-28 21:14 5,888 a------- c:\windows\system32\drivers\usbd.sys
2009-01-28 21:14 224,768 a------- c:\windows\system32\drivers\usbport.sys
2009-01-28 21:14 38,400 a------- c:\windows\system32\drivers\usbehci.sys
2009-01-28 21:14 23,040 a------- c:\windows\system32\drivers\usbuhci.sys
2009-01-28 21:14 8,704 a------- c:\windows\system32\hcrstco.dll
2009-01-28 21:06 803,328 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-28 21:06 216,632 a------- c:\windows\system32\drivers\netio.sys
2009-01-28 21:06 167,424 a------- c:\windows\system32\tcpipcfg.dll
2009-01-28 21:06 24,064 a------- c:\windows\system32\netcfg.exe
2009-01-28 21:06 22,016 a------- c:\windows\system32\netiougc.exe
2009-01-28 21:05 1,808,896 a------- c:\windows\system32\NlsLexicons0046.dll
2009-01-28 21:05 1,793,536 a------- c:\windows\system32\NlsLexicons0045.dll
2009-01-28 21:05 1,558,016 a------- c:\windows\system32\NlsLexicons0049.dll
2009-01-28 21:05 1,411,072 a------- c:\windows\system32\NlsLexicons0047.dll
2009-01-28 21:05 1,782,272 a------- c:\windows\system32\NlsLexicons0039.dll
2009-01-28 21:05 1,236,992 a------- c:\windows\system32\NlsLexicons0020.dll
2009-01-28 21:05 2,136,064 a------- c:\windows\system32\NlsLexicons0021.dll
2009-01-28 21:05 5,499,904 a------- c:\windows\system32\NlsLexicons0022.dll
2009-01-28 21:05 7,964,672 a------- c:\windows\system32\NlsLexicons0024.dll
2009-01-28 21:05 5,791,232 a------- c:\windows\system32\NlsLexicons0026.dll
2009-01-28 21:03 9,845,248 a------- c:\windows\system32\NlsData000a.dll
2009-01-28 21:03 2,641,408 a------- c:\windows\system32\NlsData000c.dll
2009-01-28 21:03 2,340,864 a------- c:\windows\system32\NlsData000d.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData000f.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0414.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0416.dll
2009-01-28 21:03 797,696 a------- c:\windows\system32\NaturalLanguage6.dll
2009-01-28 21:03 4,493,312 a------- c:\windows\system32\NlsData0816.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData081a.dll
2009-01-28 21:03 6,917,120 a------- c:\windows\system32\NlsLexicons0c1a.dll
2009-01-28 21:03 1,963,520 a------- c:\windows\system32\NlsData0c1a.dll
2009-01-28 20:44 1,585,664 a------- c:\windows\system32\setupapi.dll
2009-01-28 20:41 82,432 a------- c:\windows\system32\drivers\sdbus.sys
2009-01-28 20:41 9,728 a------- c:\windows\system32\LAPRXY.DLL
2009-01-28 20:41 223,232 a------- c:\windows\system32\WMASF.DLL
2009-01-28 20:41 2,048 a------- c:\windows\system32\asferror.dll
2009-01-28 20:39 223,232 a------- c:\windows\system32\SLC.dll
2009-01-28 20:39 268,288 a------- c:\windows\system32\mcbuilder.exe
2009-01-28 20:39 33,280 a------- c:\windows\system32\slwmi.dll
2009-01-28 20:39 566,784 a------- c:\windows\system32\SLCommDlg.dll
2009-01-28 20:39 351,232 a------- c:\windows\system32\SLUI.exe
2009-01-28 20:39 186,368 a------- c:\windows\system32\SLLUA.exe
2009-01-28 20:39 57,856 a------- c:\windows\system32\SLUINotify.dll
2009-01-28 20:39 2,605,568 a------- c:\windows\system32\SLsvc.exe
2009-01-28 20:39 39,936 a------- c:\windows\system32\slcinst.dll
2009-01-28 20:05 <DIR> --d----- c:\programdata\Avira
2009-01-28 20:05 <DIR> --d----- c:\program files\Avira
2009-01-28 20:05 <DIR> --d----- c:\progra~2\Avira
2009-01-28 19:37 <DIR> --d----- c:\program files\Trend Micro
2009-01-28 18:50 152,576 a------- c:\windows\system32\imagehlp.dll
2009-01-28 18:50 12,800 a------- c:\windows\system32\drivers\fs_rec.sys
2009-01-28 18:50 5,120 a------- c:\windows\system32\wmi.dll
2009-01-28 18:32 425,472 a------- c:\windows\system32\PhotoMetadataHandler.dll
2009-01-28 18:32 712,192 a------- c:\windows\system32\WindowsCodecs.dll
2009-01-28 18:32 347,136 a------- c:\windows\system32\WindowsCodecsExt.dll
2009-01-28 18:29 8,138,240 a------- c:\windows\system32\ssBranded.scr
2009-01-28 18:29 37,376 a------- c:\windows\system32\printcom.dll
2009-01-28 18:29 441,856 a------- c:\windows\system32\win32spl.dll
2009-01-28 18:28 113,664 a------- c:\windows\system32\drivers\rmcast.sys
2009-01-28 18:28 14,848 a------- c:\windows\system32\wshrm.dll
2009-01-28 18:28 11,776 a------- c:\windows\system32\sbunattend.exe
2009-01-28 18:28 290,304 a------- c:\windows\system32\drivers\srv.sys
2009-01-28 18:27 83,968 a------- c:\windows\system32\dnsrslvr.dll
2009-01-28 18:27 24,576 a------- c:\windows\system32\dnscacheugc.exe
2009-01-28 18:27 53,760 a------- c:\windows\system32\drivers\hdaudbus.sys
2009-01-28 18:27 2,855,424 a------- c:\windows\system32\mf.dll
2009-01-28 18:27 98,816 a------- c:\windows\system32\mfps.dll
2009-01-28 18:27 52,736 a------- c:\windows\system32\rrinstaller.exe
2009-01-28 18:27 24,576 a------- c:\windows\system32\mfpmp.exe
2009-01-28 18:27 2,048 a------- c:\windows\system32\mferror.dll
2009-01-28 18:27 94,720 a------- c:\windows\system32\logagent.exe
2009-01-28 18:27 996,352 a------- c:\windows\system32\WMNetMgr.dll
2009-01-28 18:26 58,368 a------- c:\windows\system32\drivers\mrxsmb20.sys
2009-01-28 18:26 101,888 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-01-28 18:26 84,992 a------- c:\windows\system32\drivers\srvnet.sys
2009-01-28 18:26 130,048 a------- c:\windows\system32\drivers\srv2.sys
2009-01-28 18:26 788,992 a------- c:\windows\system32\rpcrt4.dll
2009-01-28 18:26 84,480 a------- c:\windows\system32\INETRES.dll
2009-01-28 18:26 737,792 a------- c:\windows\system32\inetcomm.dll
2009-01-28 18:26 1,645,568 a------- c:\windows\system32\connect.dll
2009-01-28 18:25 1,327,104 a------- c:\windows\system32\quartz.dll
2009-01-28 18:25 974,336 a------- c:\windows\system32\crypt32.dll
2009-01-28 18:25 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-28 18:24 3,505,208 a------- c:\windows\system32\ntkrnlpa.exe
2009-01-28 18:24 3,470,904 a------- c:\windows\system32\ntoskrnl.exe
2009-01-28 18:24 2,026,496 a------- c:\windows\system32\win32k.sys
2009-01-28 18:24 633,856 a------- c:\windows\system32\user32.dll
2009-01-28 18:24 1,341,440 a------- c:\windows\system32\msxml6.dll
2009-01-28 18:24 2,048 a------- c:\windows\system32\msxml6r.dll
2009-01-28 18:23 750,080 a------- c:\windows\system32\qmgr.dll
2009-01-28 17:06 0 a--shr-- c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RP304UA#ABA)_Y5335KV_0U_QCNF70214TZ_E436462-003_4A_I30BB_SQuanta_V66.3E_F.27_T070626_WV2-0_L409_M502_J80_7Intel_86E8_91.73_#090129_N80861092_(RP304UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-01-28 17:05 <DIR> --d----- c:\users\rj\appdata\roaming\Uniblue
2009-01-28 17:05 44 a------- c:\windows\system\hpsysdrv.dat
2009-01-28 17:04 <DIR> --d----- c:\program files\Uniblue
2009-01-28 17:01 81 a------- c:\windows\system32\LOG
2009-01-28 17:01 <DIR> --d----- c:\users\rj
2009-01-28 16:12 249,592 a------- c:\windows\system32\cssdll32.dll
2009-01-28 16:10 147,192 a------- c:\windows\system32\guard32.dll
2009-01-28 16:10 99,344 a------- c:\windows\system32\drivers\cmdguard.sys
2009-01-28 16:10 25,104 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-01-28 16:10 <DIR> --d----- c:\programdata\comodo
2009-01-28 16:10 <DIR> --d----- c:\progra~2\comodo
2009-01-28 16:10 <DIR> --d----- c:\program files\COMODO
2009-01-28 15:36 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-01-28 15:35 162,064 a------- c:\windows\system32\wuwebv.dll
2009-01-28 15:35 31,232 a------- c:\windows\system32\wuapp.exe
2009-01-28 00:19 69,632 a------- c:\windows\system32\javacpl.cpl
2009-01-28 00:14 <DIR> --d----- c:\programdata\Hewlett-Packard
2009-01-28 00:07 272,384 a------- c:\windows\system32\ShellvRTF64.dll
2009-01-28 00:07 237,568 a------- c:\windows\system32\ShellvRTF.dll
2009-01-28 00:07 <DIR> --d----- c:\windows\SMINST
2009-01-28 00:06 <DIR> --d----- c:\program files\HPQ
2009-01-28 00:05 8,192 a------- c:\windows\system32\drivers\eabfiltr.sys
2009-01-28 00:05 1,560,576 a------- c:\windows\system32\BttnCmns_64.dll
2009-01-28 00:05 1,560,576 a------- c:\windows\system32\BttnCmns.dll
2009-01-28 00:05 987,136 a------- c:\windows\system32\BttnCmn.dll
2009-01-28 00:05 9,472 a------- c:\windows\system32\drivers\CPQBttn.sys
2009-01-28 00:02 <DIR> --d----- c:\program files\DivX
2009-01-28 00:01 <DIR> --d----- c:\program files\muvee Technologies
2009-01-28 00:01 <DIR> --d----- c:\program files\common files\muvee Technologies
2009-01-27 23:59 <DIR> --d----- c:\program files\Yahoo!
2009-01-27 23:56 <DIR> --d----- c:\program files\earthlink totalaccess
2009-01-27 23:56 <DIR> --d----- c:\program files\Online Services
2009-01-27 23:55 <DIR> --d----- c:\windows\HPCPCUninstall-6811507
2009-01-27 23:55 122,938 a----r-- c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
2009-01-27 23:55 <DIR> --d----- c:\program files\HP Connections
2009-01-27 23:48 <DIR> --d----- c:\programdata\WildTangent
2009-01-27 23:48 <DIR> --d----- c:\progra~2\WildTangent
2009-01-27 23:42 <DIR> --d----- c:\program files\HP Games
2009-01-27 23:40 <DIR> --d----- c:\programdata\Adobe
2009-01-27 23:39 <DIR> --d----- c:\programdata\CyberLink
2009-01-27 23:39 44,544 a------- c:\windows\system32\msxml4a.dll
2009-01-27 23:38 <DIR> --d----- c:\program files\HP
2009-01-27 23:37 <DIR> --d----- c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-01-27 23:37 <DIR> --d----- c:\progra~2\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-01-27 23:37 <DIR> --d----- c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-01-27 23:36 32,592 a------- c:\windows\system32\msonpmon.dll
2009-01-27 23:34 <DIR> --d----- c:\windows\PCHEALTH
2009-01-27 23:33 <DIR> --d----- c:\windows\SHELLNEW
2009-01-27 23:32 <DIR> --d----- c:\programdata\Microsoft Help
2009-01-27 23:16 <DIR> --d----- c:\programdata\Symantec
2009-01-27 23:16 <DIR> --d----- c:\progra~2\Symantec
2009-01-27 23:16 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-01-27 23:15 <DIR> --d----- c:\program files\common files\SureThing Shared
2009-01-27 23:12 <DIR> --d----- c:\programdata\Sonic
2009-01-27 23:10 <DIR> --d----- c:\programdata\Roxio
2009-01-27 23:10 <DIR> --d----- c:\program files\common files\Sonic Shared
2009-01-27 23:07 <DIR> --d----- c:\program files\Roxio
2009-01-27 23:07 <DIR> --dsh--- c:\windows\Installer
2009-01-27 23:03 <DIR> --d----- c:\programdata\InstallShield
2009-01-27 23:03 73,728 a------- c:\windows\system32\ISUSPM.cpl
2009-01-27 22:06 155,648 a------- c:\windows\system32\igfxres.dll
2009-01-27 22:03 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-01-27 21:56 385,024 a------- c:\windows\system32\igxpun.exe
2009-01-27 21:56 121,232 a------- c:\windows\system32\IScrNBR.bmp
2009-01-27 21:56 121,232 a------- c:\windows\system32\IScrNB.bmp
2009-01-27 21:56 <DIR> --d----- c:\windows\system32\x64
2009-01-27 21:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-27 21:55 <DIR> --d----- c:\program files\Synaptics
2009-01-27 21:53 <DIR> --d----- c:\program files\CONEXANT
2009-01-27 21:42 <DIR> --d----- c:\windows\panther
2009-01-27 21:42 <DIR> --d----- c:\windows\OEMCert
2009-01-27 21:42 <DIR> --d-h--- C:\HP

==================== Find3M ====================

2009-01-29 03:35 51,200 a------- c:\windows\inf\infpub.dat
2009-01-29 03:35 665,600 a------- c:\windows\inf\drvindex.dat
2009-01-29 03:35 86,016 a------- c:\windows\inf\infstrng.dat
2009-01-29 03:35 86,016 a------- c:\windows\inf\infstor.dat
2009-01-29 03:32 174 a--sh--- c:\program files\desktop.ini
2009-01-28 21:11 52,736 a------- c:\windows\apppatch\iebrshim.dll
2009-01-28 21:11 826,368 a------- c:\windows\system32\wininet.dll
2009-01-28 21:11 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-01-28 21:11 56,320 a------- c:\windows\system32\iesetup.dll
2009-01-28 21:05 6,224,896 a------- c:\windows\system32\NlsLexicons0027.dll
2009-01-28 20:43 371,712 a------- c:\windows\system32\srcore.dll
2009-01-28 18:30 704,000 a------- c:\windows\system32\PhotoScreensaver.scr
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 04:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 04:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 01:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 01:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 22:21:50.46 ===============

#11 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts

Posted 12 February 2009 - 01:28 AM

Ok, I did all of this in Safe Mode with Networking because when I tried in normal mode the computer stalled!! The blue hourglass (circle) was steadily going around.

#12 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts

Posted 12 February 2009 - 11:59 AM

Hello.

Let's try something else. Do this in normal mode if possible.

If ComboFix restarts your machine, allow it to boot into normal mode, even if it will crash.

Download and Run ComboFix
Download Combofix by sUBs from any of the links below, and save it to your desktop.
Link 1, Link 2, Link 3
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click on ComboFix.exe and follow the prompts. If you are using Windows Vista, right click the icon and select "Run as Administrator". You will not receive the prompts below if you are not using Windows XP. ComboFix will check to see if you have the Windows Recovery Console installed.
  • If you did not have it installed, you will see the prompt below. Choose YES.

  • When the Recovery Console has been installed, you will see the prompt below. Choose YES.
  • When finished, ComboFix will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

With Regards,
The Panda

#13 kymberly

kymberly
  • Topic Starter

  • Banned
  • 387 posts

Posted 13 February 2009 - 10:29 PM

Ok, I didn't get a message about recovery installed!! But it took forever for this program to start. Notice when it came up in a box c.bat and after scan the text in the top of box changed to \\rj-pc: C\combofix\regt.cfexe\s c:\combofix\cregB.dat that's exactly how it appeared.

ComboFix 09-02-12.03 - rj 2009-02-13 19:11:54.1 - NTFSx86
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.1.1033.18.501.102 [GMT -8:00]
Running from: c:\users\rj\Desktop\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated)
AV: Norton Internet Security *On-access scanning enabled* (Outdated)
FW: COMODO Firewall *enabled*
FW: Norton Internet Security *disabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\x64

.
((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 03:04 --------- d-----w c:\program files\Windows Mail
2009-02-02 03:19 --------- d-----w c:\users\rj\AppData\Roaming\Template
2009-02-02 03:17 0 ----a-w c:\users\rj\AppData\Roaming\wklnhst.dat
2009-01-29 11:32 174 --sha-w c:\program files\desktop.ini
2009-01-29 11:17 --------- d-----w c:\program files\Yahoo!
2009-01-29 08:59 --------- d-----w c:\program files\CCleaner
2009-01-29 08:57 --------- d-----w c:\users\rj\AppData\Roaming\Yahoo!
2009-01-29 05:41 28,344 ----a-w c:\windows\system32\drivers\battc.sys
2009-01-29 05:41 258,232 ----a-w c:\windows\system32\drivers\acpi.sys
2009-01-29 05:41 20,920 ----a-w c:\windows\system32\drivers\compbatt.sys
2009-01-29 05:41 14,208 ----a-w c:\windows\system32\drivers\CmBatt.sys
2009-01-29 05:41 11,264 ----a-w c:\windows\system32\drivers\wmiacpi.sys
2009-01-29 05:33 41,984 ----a-w c:\windows\system32\drivers\monitor.sys
2009-01-29 05:23 63,488 ----a-w c:\windows\system32\drivers\mpsdrv.sys
2009-01-29 05:23 23,040 ----a-w c:\windows\system32\drivers\tunnel.sys
2009-01-29 05:23 15,360 ----a-w c:\windows\system32\drivers\TUNMP.SYS
2009-01-29 05:16 45,112 ----a-w c:\windows\system32\drivers\pciidex.sys
2009-01-29 05:16 25,656 ----a-w c:\windows\system32\drivers\msahci.sys
2009-01-29 05:16 211,000 ----a-w c:\windows\system32\drivers\volsnap.sys
2009-01-29 05:16 21,560 ----a-w c:\windows\system32\drivers\atapi.sys
2009-01-29 05:16 17,464 ----a-w c:\windows\system32\drivers\intelide.sys
2009-01-29 05:16 154,624 ----a-w c:\windows\system32\drivers\nwifi.sys
2009-01-29 05:16 109,624 ----a-w c:\windows\system32\drivers\ataport.sys
2009-01-29 05:16 1,060,920 ----a-w c:\windows\system32\drivers\ntfs.sys
2009-01-29 05:15 2,923,520 ----a-w c:\windows\explorer.exe
2009-01-29 05:14 5,888 ----a-w c:\windows\system32\drivers\usbd.sys
2009-01-29 05:14 38,400 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-01-29 05:14 23,040 ----a-w c:\windows\system32\drivers\usbuhci.sys
2009-01-29 05:14 224,768 ----a-w c:\windows\system32\drivers\usbport.sys
2009-01-29 05:14 192,000 ----a-w c:\windows\system32\drivers\usbhub.sys
2009-01-29 05:11 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-29 05:06 803,328 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-01-29 05:06 216,632 ----a-w c:\windows\system32\drivers\netio.sys
2009-01-29 04:43 54,784 ----a-w c:\windows\system32\drivers\i8042prt.sys
2009-01-29 04:43 495,160 ----a-w c:\windows\system32\drivers\Wdf01000.sys
2009-01-29 04:43 35,384 ----a-w c:\windows\system32\drivers\WdfLdr.sys
2009-01-29 04:43 35,384 ----a-w c:\windows\system32\drivers\kbdclass.sys
2009-01-29 04:43 34,360 ----a-w c:\windows\system32\drivers\mouclass.sys
2009-01-29 04:43 19,968 ----a-w c:\windows\system32\drivers\sermouse.sys
2009-01-29 04:43 15,872 ----a-w c:\windows\system32\drivers\kbdhid.sys
2009-01-29 04:41 82,432 ----a-w c:\windows\system32\drivers\sdbus.sys
2009-01-29 04:05 --------- d-----w c:\programdata\Avira
2009-01-29 04:05 --------- d-----w c:\program files\Avira
2009-01-29 03:37 --------- d-----w c:\program files\Trend Micro
2009-01-29 02:50 12,800 ----a-w c:\windows\system32\drivers\fs_rec.sys
2009-01-29 02:37 --------- d-----w c:\program files\Windows Sidebar
2009-01-29 02:28 290,304 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-29 02:28 113,664 ----a-w c:\windows\system32\drivers\rmcast.sys
2009-01-29 02:27 53,760 ----a-w c:\windows\system32\drivers\hdaudbus.sys
2009-01-29 02:26 84,992 ----a-w c:\windows\system32\drivers\srvnet.sys
2009-01-29 02:26 58,368 ----a-w c:\windows\system32\drivers\mrxsmb20.sys
2009-01-29 02:26 130,048 ----a-w c:\windows\system32\drivers\srv2.sys
2009-01-29 02:26 101,888 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2009-01-29 02:25 --------- d-----w c:\program files\MSXML 4.0
2009-01-29 01:22 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-01-29 01:21 --------- d-----w c:\programdata\Symantec
2009-01-29 01:12 --------- d-----w c:\users\rj\AppData\Roaming\Hewlett-Packard
2009-01-29 01:12 --------- d-----w c:\programdata\Hewlett-Packard
2009-01-29 01:06 0 --sha-r c:\windows\system32\drivers\103C_HP_cNB_Pavilion dv6000 (RP304UA#ABA)_Y5335KV_0U_QCNF70214TZ_E436462-003_4A_I30BB_SQuanta_V66.3E_F.27_T070626_WV2-0_L409_M502_J80_7Intel_86E8_91.73_#090129_N80861092_(RP304UA#ABA)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-01-29 01:05 --------- d-----w c:\users\rj\AppData\Roaming\Uniblue
2009-01-29 01:04 --------- d-----w c:\program files\Uniblue
2009-01-29 00:47 --------- d-----w c:\programdata\comodo
2009-01-29 00:12 --------- d-----w c:\program files\COMODO
2009-01-29 00:10 99,344 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-01-29 00:10 25,104 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-01-28 08:18 --------- d-----w c:\program files\Java
2009-01-28 08:18 --------- d-----w c:\program files\Common Files\Java
2009-01-28 08:15 --------- d-----w c:\program files\Hewlett-Packard
2009-01-28 08:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-28 08:06 --------- d-----w c:\program files\HPQ
2009-01-28 08:06 --------- d-----w c:\program files\Common Files\LightScribe
2009-01-28 08:05 --------- d-----w c:\program files\HP
2009-01-28 08:02 --------- d-----w c:\program files\DivX
2009-01-28 08:02 --------- d-----w c:\program files\Common Files\muvee Technologies
2009-01-28 08:01 --------- d-----w c:\program files\muvee Technologies
2009-01-28 07:56 --------- d-----w c:\program files\earthlink totalaccess
2009-01-28 07:55 122,938 ----a-r c:\windows\HPCPCUninstaller-6.3.2.139-6811507.exe
2009-01-28 07:55 --------- d-----w c:\program files\HP Connections
2009-01-28 07:49 --------- d-----w c:\programdata\WildTangent
2009-01-28 07:49 --------- d-----w c:\program files\HP Games
2009-01-28 07:41 --------- d-----w c:\program files\Common Files\Adobe
2009-01-28 07:40 --------- d-----w c:\programdata\CyberLink
2009-01-28 07:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-28 07:37 --------- d-----w c:\programdata\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
2009-01-28 07:37 --------- d-----w c:\program files\Activation Assistant for the 2007 Microsoft Office suites
2009-01-28 07:36 --------- d-----w c:\programdata\Microsoft Help
2009-01-28 07:35 --------- d-----w c:\program files\Microsoft Works
2009-01-28 07:34 --------- d-----w c:\program files\Microsoft.NET
2009-01-28 07:16 --------- d-----w c:\program files\Common Files\SureThing Shared
2009-01-28 07:15 --------- d-----w c:\program files\Roxio
2009-01-28 07:13 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-01-28 07:12 --------- d-----w c:\programdata\Sonic
2009-01-28 07:12 --------- d-----w c:\programdata\Roxio
2009-01-28 07:12 --------- d-----w c:\program files\Common Files\Roxio Shared
2009-01-28 07:03 --------- d-----w c:\programdata\InstallShield
2009-01-28 05:59 --------- d-----w c:\program files\CONEXANT
2009-01-28 05:55 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
2009-01-28 05:55 --------- d-----w c:\program files\Synaptics
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2006-11-21 1474560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-14 815104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-11-06 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-11-06 106496]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-11-06 81920]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2006-11-24 167936]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-16 49152]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 159744]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-11-28 46704]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 317152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 472800]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0\bin\jusched.exe" [2009-01-28 77824]
"COMODO SafeSurf"="c:\program files\COMODO\SafeSurf\cssurf.exe" [2009-01-28 278264]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-01-28 1797880]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-07 44128]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll c:\windows\system32\cssdll32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{90828EA6-F142-4FF8-B16F-82B740011308}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{9C7E5C2B-C044-47EE-9C20-DC0F56096FD4}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{182DBE1B-E8AD-4BE9-B0A4-AFD2F4209909}"= UDP:c:\program files\HP\QuickPlay\QP.exe:QP
"{C9F89F7C-13A7-4D06-A675-F72865FE7611}"= TCP:c:\program files\HP\QuickPlay\QP.exe:QP
"{4F4817C6-366C-491C-A4FC-934172F6E7D5}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{BB322549-1BEE-424D-8BA1-DE799B1C8099}"= c:\program files\HP Connections\6811507\Program\HP Connections:HP Connections
"{8686E56E-3A93-4DBE-9794-1BD05188F921}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{5F03A535-D57A-47B7-99CB-965121279612}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{C588F38F-FEDB-4167-9E29-CFB336D21A17}"= UDP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{5C9AA791-E9C3-4445-A0C5-2598F4E18FF9}"= TCP:c:\program files\HP Connections\6811507\Program\HP Connections.exe:HP Connections
"{B2B45068-A997-43CF-8E2D-3FA90B8D94E4}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{4B785C87-A6E9-4EFC-AC68-934102B21DD5}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{81EDE85B-1571-47B9-925E-9F6B06496157}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{CB55973A-3016-4ECB-8BD8-D67353B2390C}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{9D9BE736-A27C-4CF2-8A6E-24DE435043A6}"= UDP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl
"{353C0FD5-282F-4B35-88EF-AC7EC710D9AB}"= TCP:c:\program files\earthlink totalaccess\TaskPanl.exe:taskpanl

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\EarthLink TotalAccess\\TaskPanl.exe"= c:\program files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [2009-01-28 99344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [2009-01-28 25104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=71&bd=Pavilion&pf=laptop
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-13 19:17:31
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\guard32.dll
c:\windows\system32\cssdll32.dll

- - - - - - - > 'lsass.exe'(568)
c:\windows\system32\guard32.dll
c:\windows\system32\cssdll32.dll
.
Completion time: 2009-02-13 19:20:43
ComboFix-quarantined-files.txt 2009-02-14 03:20:38

Pre-Run: The system cannot find message text for message number 0x2379 in the message file for Application.
Post-Run: 57,328,439,296 bytes free

207 --- E O F --- 2009-02-14 03:04:39

#14 kymberly


Posted 13 February 2009 - 10:38 PM

Also, yesterday I tried running GMER again. It kept giving the blue screen of death each time. I couldn't catch the error but was able to copy other information for the blue screen of death:

BCCODE: 1000008E
BCP1: C0000005
BCP2: 0000AADC
BCP3: 49Af9358
OS version: 6_0.6000
Service Pack 0_0 (Wow, that's weird!!!)
Product: 768_1
Files that help:
C:/windows/minidump/mini 021209.03.dmp
C:/users/rj/appdata/local temp/WER-116891-0.sysdata.xml
C:/users/rj/appdata/localTemp/wer6E9A.tmp.version.txt

Don't know what all of this means, but maybe you will know. Something is still not right here! Very pitch dark screen after logon. I noticed when starting up in Task Manager that logon.scr is present. Also I have two instances of csrss.exe, taskmanager, and some other things as well, is that normal? Don't think so!!

#15 kymberly


Posted 13 February 2009 - 10:45 PM

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-12 14:01:25
Windows 6.0.6000


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x87416AD8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x87417982]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x87416F0C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x87415E8E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x87416694]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x87415BE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x874164EA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x87416CBE]
SSDT 87BEB874 ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x87415520]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x87417604]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x874160D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x874168CC]
SSDT 87BEB860 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x87416364]
SSDT 87BEB865 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x87415D06]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x874173BC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x874177B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8741606E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x87416258]
SSDT 87BEB86F ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x87415980]
SSDT 87BEB86A ZwWriteVirtualMemory
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x87417018]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateUserProcess [0x87417C12]

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[444] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\wininit.exe[512] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wininit.exe[512] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\services.exe[564] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\services.exe[564] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\services.exe[564] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\lsass.exe[584] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsass.exe[584] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\lsm.exe[592] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\lsm.exe[592] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\winlogon.exe[692] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\winlogon.exe[692] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\winlogon.exe[692] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[772] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[772] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[832] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[832] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe[856] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\svchost.exe[956] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[956] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe[984] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\svchost.exe[992] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\svchost.exe[992] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\svchost.exe[1036] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\svchost.exe[1036] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\SearchFilterHost.exe[1140] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\SearchFilterHost.exe[1140] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\SearchFilterHost.exe[1140] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[1168] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\igfxpers.exe[3132] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\igfxpers.exe[3132] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\System32\igfxpers.exe[3132] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\System32\igfxpers.exe[3132] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\QuickPlay\QPService.exe[3144] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\HP\HP Software Update\hpwuSchd2.exe[3152] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 00395740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] ntdll.dll!NtClose 7782F354 5 Bytes JMP 00395810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] USER32.dll!mouse_event 771594EF 5 Bytes JMP 003916D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] USER32.dll!EndTask 771A4A52 5 Bytes JMP 003953D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 00391550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 00391860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 00391230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ FD, 88 ]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 003913C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ FD, 88 ]
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 00395260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe[3160] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 003950E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe[3184] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe[3200] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0\bin\jusched.exe[3224] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 00155740 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] ntdll.dll!NtClose 7782F354 5 Bytes JMP 00155810 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 00151860 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 00151230 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ D9, 88 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 001513C0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ D9, 88 ]
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] USER32.dll!mouse_event 771594EF 5 Bytes JMP 001516D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] USER32.dll!EndTask 771A4A52 5 Bytes JMP 001553D0 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 00151550 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 00155260 C:\Windows\system32\guard32.dll
.text C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe[3296] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 001550E0 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] ntdll.dll!NtCreateFile + 3 7782F417 2 Bytes [ 82, FA ]
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Users\rj\Desktop\gmer\gmer.exe[3832] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] ntdll.dll!LdrUnloadDll 7780BF0A 7 Bytes JMP 10005740 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] ntdll.dll!NtClose 7782F354 5 Bytes JMP 10005810 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] USER32.dll!mouse_event 771594EF 5 Bytes JMP 100016D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] USER32.dll!EndTask 771A4A52 5 Bytes JMP 100053D0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] USER32.dll!keybd_event 771AFE80 5 Bytes JMP 10001550 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] GDI32.dll!BitBlt 773B6AB7 5 Bytes JMP 10001860 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] GDI32.dll!CreateDCA 773BBCD9 2 Bytes JMP 10001230 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] GDI32.dll!CreateDCA + 3 773BBCDC 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] GDI32.dll!CreateDCW 773BBE99 2 Bytes JMP 100013C0 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] GDI32.dll!CreateDCW + 3 773BBE9C 2 Bytes [ C4, 98 ]
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] ole32.dll!CoGetClassObject 77024E56 5 Bytes JMP 10005260 C:\Windows\system32\guard32.dll
.text C:\Windows\system32\wbem\wmiprvse.exe[3900] ole32.dll!CoCreateInstanceEx 7705DDD2 5 Bytes JMP 100050E0 C:\Windows\system32\guard32.dll

---- Devices - GMER 1.0.14 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- EOF - GMER 1.0.14 ----
Ok, this was the second scan I ran. Got a message that said the program was not installed correctly, and I get this message a lot when I try to install spyware or malware preventive programs. So I elected to install the program a second time and these are the results I got. Whatever it is, it can alter whatever I download. I had the same problem before with this. I ran a scan with a program, forgot the name of it, but it told me that combofix and all other programs were infected. I believe the program I used has a black spider (maybe Dr.CureIT??). Can't remember; ran over 30 to try and find the problem, to no avail.



