Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Slow computer, unknown problem


  • This topic is locked This topic is locked
23 replies to this topic

#1 jabber1052

jabber1052

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 21 May 2010 - 11:12 AM

Hi,

So over the past month I've been having trouble with my computer being annoyingly slow in a way that makes doing work on it sometimes infuriating and watching videos straight-through impossible. When I watch a video online (for example, on hulu) usually the first few minutes are fine, and then it starts to lag a little bit or be jerky, and if I check the task manager, the CPU is shooting up to 100% very often. But this isn't particular to flash videos; I've had this happen when listening to iTunes and working in microsoft word, when I'm just surfing the web, etc, and every time, the CPU is shooting up to 100%, but it's never any one particular process that is always doing this -- it could be Chrome, or iTunes, or Word. My computer is an older laptop (Acer Travelmate 2420) but it didn't start acting this way until about a month ago, and so when it first started I actually did a repair reinstall of windows xp and that actually fixed one problem I had been having (when I used to start up, it would hang with just desktop wallpaper and no icons for a good two minutes without doing anything, before loading the rest of the desktop and explorer).

I'm posting my HijackThis log below. I don't think this is a driver problem because my device manager shows no conflicts and I've tried updating my drivers, but I honestly have no idea how to fix this. I have 2 GB of RAM (as far as I can update this laptop), a new hard drive, and a 1.5 GHz processor (single core).

Any ideas?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:09 PM, on 5/21/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1272840546289
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 7772 bytes


BC AdBot (Login to Remove)

 


#2 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 23 May 2010 - 01:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#3 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 26 May 2010 - 11:01 PM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 27 May 2010 - 03:07 PM

Reopened by user request.
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#5 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 27 May 2010 - 06:13 PM

I've attached the dds log and the gmer log is split between two posts (the gmer log was too big to just be attached at once).

Thanks for all your help, I really hope there's a fix for my problem!

Attached Files



#6 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 27 May 2010 - 06:15 PM

So apparently I can't attach the whole of part 2 of the GMER log, and I also can't put it as text, so I've written below as much as it would let me write:

.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wscntfy.exe[1300] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1324] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100022D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Will\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1376] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10006EF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10006F90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1516] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1736] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1972] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe[2084] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2104] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Bonjour\mDNSResponder.exe[2128] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[2168] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[2196] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe[2428] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)


#7 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 28 May 2010 - 09:47 PM

Hello, jabber1052
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fixing your problems.

If you do not make a reply in 5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Further more, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.





Please go here and have a look how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2



--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#8 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 29 May 2010 - 01:46 AM

So I was confused by one of your directions...you said to rename the file <schrauber> but that's not a valid filename. So I originally downloaded the file (once from each location) with the original name ComboFix.exe and tried running it, and later tried calling it just schrauber.exe, but ended up getting the same result: When I'd run it, the progress bar for combofix would run through till it's full and then I'd get a series of error boxes that all say "windows cannot access the specified device, path, or file. you may not have the appropriate permissions to access the item" with the heading: 32788R22FWJFW\hidec.exe. If I clicked ok through all of them, then it would come up with the license agreement, and if I agreed to that it would come up with another popup that reads:

"!! ALERT !! It is NOT SAFE to continue!

The contents of the ComboFix package has been compromised. Please download a fresh copy from:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Note: You may be infected with a file patching virus 'Virut'"

which is a very scary warning to read. I did some research and found out this isn't unique and many others have experienced this. I turned off my antivirus/firewall (comodo internet security) before downloading the file, and this behavior happened whether I clicked link1 or link2.

Not sure how to proceed.

#9 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 29 May 2010 - 10:25 AM

Hi,


Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

c:\windows\explorer.exe
c:\windows\system32\svchost.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#10 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 29 May 2010 - 10:57 AM

Thanks for your fast reply! I could already see all hidden files and folders, but protected operating system files were hidden, so I made sure to make those visible. When I ran Jotti on explorer.exe and svchost.exe, they both came up clean (none of the scanners showed any infection).

---------
Update: I booted into safe mode and logged into the administrator and that allowed me to run combofix. Although I was in safe mode with networking it couldn't connect online and so wasn't able to download the microsoft recovery console, but it scanned anyway. Here are the results:

ComboFix 10-05-28.08 - Administrator 05/29/2010 12:16:18.1.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1773 [GMT -4:00]
Running from: c:\documents and settings\Will\Desktop\ComboFix.exe
AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SHELLLNK.TLB

.
((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-29 )))))))))))))))))))))))))))))))
.

2010-05-29 16:13 . 2010-05-29 16:13 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-05-29 06:42 . 2010-05-29 06:42 -------- d-----w- C:\32788R22FWJFW.2.tmp
2010-05-29 06:38 . 2010-05-29 06:41 -------- d-----w- C:\32788R22FWJFW.1.tmp
2010-05-28 15:30 . 2010-05-28 15:30 503808 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3f3e4c-n\msvcp71.dll
2010-05-28 15:30 . 2010-05-28 15:30 499712 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3f3e4c-n\jmc.dll
2010-05-28 15:30 . 2010-05-28 15:30 61440 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4ad0e041-n\decora-sse.dll
2010-05-28 15:30 . 2010-05-28 15:30 348160 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-5a3f3e4c-n\msvcr71.dll
2010-05-28 15:30 . 2010-05-28 15:30 12800 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4ad0e041-n\decora-d3d.dll
2010-05-26 17:25 . 2010-05-26 17:25 -------- d-----w- c:\program files\Common Files\Voyetra
2010-05-26 17:22 . 2010-05-26 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-05-26 17:22 . 2007-01-31 20:41 344064 ----a-w- c:\windows\system32\CM102rm.exe
2010-05-26 17:22 . 2006-11-14 19:20 1331712 ----a-w- c:\windows\system32\drivers\CM102.sys
2010-05-26 17:22 . 2007-01-31 20:42 315392 ------w- c:\windows\Cmi102Uninstall.exe
2010-05-26 17:22 . 2005-03-07 19:29 45056 ----a-w- c:\windows\system32\CM102rm.dll
2010-05-26 17:22 . 2004-04-14 16:28 315392 ----a-w- c:\windows\system\Fltr102.dll
2010-05-26 17:22 . 2004-01-27 20:19 86016 ------w- c:\windows\CMedia.dll
2010-05-26 17:22 . 2006-03-20 20:28 32768 ----a-w- c:\windows\system32\c102prop.dll
2010-05-26 17:22 . 2001-11-23 17:08 712704 ----a-w- c:\windows\system32\a3d102pu.dll
2010-05-26 17:22 . 2001-11-23 17:08 712704 ----a-w- c:\windows\system32\a3d.dll
2010-05-26 17:21 . 2010-05-26 17:21 -------- d-----w- c:\program files\Turtle Beach
2010-05-26 17:20 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2010-05-26 17:20 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-22 19:24 . 2010-05-22 19:24 -------- d-----w- c:\documents and settings\LocalService\Application Data\Softland
2010-05-21 16:53 . 2010-05-21 16:53 -------- d-----w- c:\windows\system32\Adobe
2010-05-21 16:09 . 2010-05-21 16:09 388096 ----a-r- c:\documents and settings\Will\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-20 16:16 . 2010-05-20 16:15 53248 ----a-w- c:\windows\system32\CSVer.dll
2010-05-20 15:59 . 2007-01-13 13:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-05-20 15:43 . 2007-01-13 14:33 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-05-20 15:43 . 2007-01-13 14:33 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-05-20 15:43 . 2007-01-13 14:32 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-05-20 15:43 . 2007-01-13 14:32 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-05-20 15:43 . 2007-01-13 14:46 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-05-20 15:43 . 2007-01-13 14:33 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-05-20 15:43 . 2010-05-20 15:43 -------- d-----w- c:\windows\system32\Lang
2010-05-20 15:43 . 2007-01-19 14:14 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-05-20 15:43 . 2006-11-10 12:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-05-20 15:42 . 2010-05-20 15:42 -------- d-----w- C:\Intel
2010-05-20 15:20 . 2010-05-20 15:21 -------- d-----w- c:\documents and settings\Will\Application Data\DriverCure
2010-05-20 15:18 . 2010-05-20 15:38 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2010-05-20 15:18 . 2010-05-20 15:18 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2010-05-19 15:22 . 2010-05-19 15:22 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\Innovative Solutions
2010-05-19 15:22 . 2010-05-19 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2010-05-18 17:52 . 2010-05-18 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2010-05-03 20:57 . 2010-05-03 20:58 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\Temp
2010-05-03 17:08 . 2010-05-03 17:08 -------- d-----w- c:\program files\iPod
2010-05-03 16:53 . 2010-05-03 16:53 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-05-03 16:10 . 2010-05-03 16:10 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-03 05:54 . 2001-08-23 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-05-03 05:54 . 2001-08-23 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-05-03 05:54 . 2009-07-31 14:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-05-03 05:54 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-05-03 05:53 . 2008-04-14 00:10 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2010-05-03 05:53 . 2008-04-14 00:09 24064 -c----w- c:\windows\system32\dllcache\pidgen.dll
2010-05-03 05:53 . 2008-04-14 00:11 81920 ------w- c:\windows\system32\ieencode.dll
2010-05-03 05:53 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-05-03 01:40 . 2010-05-03 01:40 -------- d-----w- c:\program files\MSXML 6.0
2010-05-03 00:44 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-03 00:44 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-03 00:44 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-03 00:44 . 2010-02-25 15:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-03 00:44 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-03 00:44 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-03 00:43 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-02 23:14 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-02 23:13 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-02 23:13 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-02 23:13 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-02 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-02 23:07 . 2010-01-29 15:01 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-05-02 23:05 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-02 23:05 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-05-02 23:05 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-05-02 23:05 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-05-02 23:05 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-02 23:05 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-02 23:05 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-05-02 23:05 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-05-02 23:05 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-05-02 23:05 . 2010-02-16 14:08 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-02 23:05 . 2010-02-17 13:10 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-02 23:05 . 2010-02-16 13:25 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-02 23:03 . 2010-01-29 15:01 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-05-02 23:03 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-02 23:02 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-02 23:02 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-02 23:01 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-02 22:47 . 2010-05-24 19:50 -------- d-----w- c:\documents and settings\Will\Local Settings\Application Data\AskToolbar
2010-05-02 21:49 . 2001-08-23 12:00 16896 -c--a-w- c:\windows\system32\dllcache\status.dll
2010-05-02 21:48 . 2001-08-23 12:00 92416 -c--a-w- c:\windows\system32\dllcache\mga.sys
2010-05-02 21:47 . 2001-08-23 12:00 31744 -c--a-w- c:\windows\system32\dllcache\fxsroute.dll
2010-05-02 21:46 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\admxprox.dll
2010-05-02 21:46 . 2001-08-23 12:00 49664 -c--a-w- c:\windows\system32\dllcache\adrot.dll
2010-05-02 21:46 . 2001-08-18 02:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-05-02 21:46 . 2001-08-23 12:00 7168 -c--a-w- c:\windows\system32\dllcache\wamregps.dll
2010-05-02 21:46 . 2001-08-23 12:00 7680 -c--a-w- c:\windows\system32\dllcache\inetmgr.exe
2010-05-02 21:46 . 2001-08-23 12:00 19968 -c--a-w- c:\windows\system32\dllcache\inetsloc.dll
2010-05-02 21:46 . 2001-08-23 12:00 169984 -c--a-w- c:\windows\system32\dllcache\iisui.dll
2010-05-02 21:46 . 2001-08-23 12:00 6144 -c--a-w- c:\windows\system32\dllcache\ftpsapi2.dll
2010-05-02 21:46 . 2001-08-23 12:00 5632 -c--a-w- c:\windows\system32\dllcache\iisrstap.dll
2010-05-02 21:46 . 2001-08-23 12:00 14336 -c--a-w- c:\windows\system32\dllcache\iisreset.exe
2010-05-02 21:46 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-02 21:45 . 2010-05-02 21:45 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft
2010-05-02 21:43 . 2001-08-23 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-02 21:12 . 2001-08-23 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-02 21:12 . 2001-08-23 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-02 21:12 . 2001-08-23 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-02 21:12 . 2001-08-23 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-02 20:18 . 2010-05-02 20:18 -------- d-----w- c:\program files\Ask.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-29 06:19 . 2009-10-21 01:38 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-05-27 19:46 . 2010-01-26 17:00 1474832 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-26 17:21 . 2009-10-20 04:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-26 17:21 . 2009-10-20 04:46 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-20 16:53 . 2009-10-21 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-05-20 05:48 . 2009-10-21 03:59 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-14 02:31 . 2009-12-23 23:13 -------- d-----w- c:\documents and settings\Will\Application Data\Skype
2010-05-13 23:11 . 2009-12-23 23:14 -------- d-----w- c:\documents and settings\Will\Application Data\skypePM
2010-05-03 17:11 . 2009-11-01 17:36 -------- d-----w- c:\program files\iTunes
2010-05-03 17:08 . 2009-10-21 03:23 -------- d-----w- c:\program files\Common Files\Apple
2010-05-03 16:59 . 2009-10-21 03:25 -------- d-----w- c:\program files\Bonjour
2010-05-02 21:41 . 2009-10-20 03:18 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-02 20:17 . 2009-10-21 02:39 -------- d-----w- c:\program files\Foxit Software
2010-04-23 12:35 . 2009-10-25 02:51 -------- d-----w- c:\program files\Java
2010-04-14 04:33 . 2009-10-21 03:26 -------- d-----w- c:\documents and settings\Will\Application Data\Apple Computer
2010-04-12 21:29 . 2010-04-23 12:35 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-12 04:47 . 2010-04-12 04:46 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-12 04:42 . 2010-04-12 04:41 -------- d-----w- c:\program files\QuickTime
2010-04-09 05:18 . 2010-04-09 05:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Ableton
2010-04-09 05:18 . 2010-04-09 05:18 -------- d-----w- c:\documents and settings\Will\Application Data\Ableton
2010-04-09 05:13 . 2010-04-09 05:13 -------- d-----w- c:\program files\Ableton
2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 12:45 . 2010-03-31 12:45 503808 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5230e642-n\msvcp71.dll
2010-03-31 12:45 . 2010-03-31 12:45 499712 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5230e642-n\jmc.dll
2010-03-31 12:45 . 2010-03-31 12:45 348160 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5230e642-n\msvcr71.dll
2010-03-31 12:45 . 2010-03-31 12:45 -------- d-----w- c:\program files\Common Files\Java
2010-03-31 12:45 . 2010-03-31 12:45 61440 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7dfdf8a4-n\decora-sse.dll
2010-03-31 12:45 . 2010-03-31 12:45 12800 ----a-w- c:\documents and settings\Will\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-7dfdf8a4-n\decora-d3d.dll
2010-03-24 21:46 . 2009-10-20 03:47 23760 ----a-w- c:\documents and settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-10 06:15 . 2004-08-04 05:56 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-05 04:11 . 2009-11-29 05:49 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-02-04 20:50 1197448 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-02-04 1197448]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2009-10-20 102490]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-10-20 708698]
"OCAudioIni"="c:\program files\One-click Audio Converter\OCAudioIni.exe" [2007-03-12 57344]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2007-09-14 2595480]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe" [2007-09-14 905056]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2007-09-14 140568]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"SoundMan"="SOUNDMAN.EXE" [2009-10-20 77824]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"Turtle Beach Audio Advantage Micro"="c:\program files\Turtle Beach\AudioAdvantageMicro\TBAA.exe" [2007-02-15 1650688]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 19:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 01:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2009-10-20 04:50 77824 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ACS"=2 (0x2)
"Messenger"=3 (0x3)
"LightScribeService"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"FLEXnet Licensing Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\Program Files\\CambridgeSoft\\ChemOffice2010\\ChemDraw\\ChemDraw.exe"=
"c:\\Program Files\\Microsoft Office\\OFFICE11\\EXCEL.EXE"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [10/20/2009 10:32 PM 25160]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [10/20/2009 10:32 PM 134344]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [10/20/2009 11:58 PM 583640]
S3 CM1023264TB;C-Media CM102 Like Sound UDAX Interface;c:\windows\system32\drivers\CM102.sys [5/26/2010 1:22 PM 1331712]
S3 iTurns;iTurns;c:\windows\system32\drivers\iTurnsDriver.sys [11/28/2008 3:26 PM 10704]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MDMXSDK
*NewlyCreated* - PARPORT
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2010-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003Core.job
- c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 20:57]

2010-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003UA.job
- c:\documents and settings\Will\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-03 20:57]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-29 12:20
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-1708537768-682003330-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,da,24,21,4f,3c,1d,4e,93,71,3b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2f,da,24,21,4f,3c,1d,4e,93,71,3b,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(596)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(652)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-05-29 12:22:24
ComboFix-quarantined-files.txt 2010-05-29 16:22

Pre-Run: 21,239,689,216 bytes free
Post-Run: 21,611,081,728 bytes free

- - End Of File - - 3A7C9287F0C87CF2CCE9B483D370F6EC

Edited by jabber1052, 29 May 2010 - 11:29 AM.


#11 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 31 May 2010 - 02:20 PM

Hi,


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#12 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 01 June 2010 - 07:12 PM

Kaspersky scan results:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, June 1, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, June 01, 2010 16:33:22
Records in database: 4195084
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 121848
Threats found: 5
Infected objects found: 8
Suspicious objects found: 0
Scan duration: 03:05:25


File name / Threat / Threats count
C:\UBCD4Win\BartPE\PROGRAMS\mbrfix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\UBCD4Win\plugin\Disk\Partition\MbrFix\MbrFix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\UBCD4Win\plugin\Network\CrossLoop\files\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\UBCD4Win\plugin\Network\CrossLoop\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\UBCD4Win\plugin\Network\ultravnc\files\sfx\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win\plugin\Network\ultravnc\files\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ac 1
C:\UBCD4Win\plugin\Network\VNCServer\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\UBCD4Win\plugin\Network\VNCServer\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1

Selected area has been scanned.


#13 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 03 June 2010 - 12:34 PM

Hi,




Download and Run StartupLite


This program will identify startup entries that are unnecessary to be started at bootup. This will help free some memory.
  • Download StartupLite.exe by MalwareBytes to your desktop.
  • Double click on StartUpLite.exe to run it. If you are using Windows Vista, right click the icon and select Run As Administrator.
  • A list of unecessary startup entries will be compiled.
  • Take a read at the description of each and for most of them you probably won't need it please make sure there is a checkmark next to Disable.
  • Leave all the items as Disabled and click Continue.
  • Restart your computer once it's done.





Please download TFC by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
TFC (Temp File Cleaner) will clear out all temp folders for all user accounts (temp, IE temp, java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder. It also cleans out the %systemroot%\temp folder and checks for .tmp files in the %systemdrive% root folder, %systemroot%, and the system32 folder (both 32bit and 64bit on 64bit OSs). It shows the amount removed for each location found (in bytes) and the total removed (in MB). Before running, it will stop Explorer and all other running apps. When finished, if a reboot is required the user must reboot to finish clearing any in-use temp files.

TFC only cleans temp folders. TFC will not clean URL history, prefetch, or cookies. Depending on how often someone cleans their temp folders, their system hardware, and how many accounts are present, it can take anywhere from a few seconds to a minute or more. TFC will completely clear all temp files where other temp file cleaners may fail. TFC requires a reboot immediately after running. Be sure to save any unsaved work before running TFC.




  1. Please download OTL from one of the following mirrors:
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemdrive%\*.sys /90 /md5
  5. Push the Quick Scan button.
  6. Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image

#14 jabber1052

jabber1052
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:10:46 AM

Posted 03 June 2010 - 04:38 PM

OTL.txt


OTL logfile created on: 6/3/2010 5:13:22 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 18.12 Gb Free Space | 46.40% Space Free | Partition Type: NTFS
Drive D: | 193.82 Gb Total Space | 140.92 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUNDER-MIFFLIN
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/06/03 17:01:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
PRC - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/01/29 09:52:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/29 09:52:12 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/10/20 00:53:36 | 000,102,490 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/09/14 03:02:34 | 000,905,056 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/09/14 02:55:30 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/09/14 02:52:46 | 002,595,480 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2003/01/21 16:19:24 | 000,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE


========== Modules (SafeList) ==========

MOD - [2010/06/03 17:01:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
MOD - [2010/02/05 19:02:20 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2009/10/20 00:53:36 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/16 08:33:40 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/01/29 09:52:12 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/10/21 13:04:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/10/14 15:42:38 | 000,583,640 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2007/09/14 04:01:56 | 000,492,600 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/09/14 02:55:26 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2004/12/27 17:12:16 | 000,036,864 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\acs.exe -- (ACS)


========== Driver Services (SafeList) ==========

DRV - [2010/02/05 19:02:18 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/29 09:53:00 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/01/29 09:52:59 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/10/21 17:51:17 | 000,070,912 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
DRV - [2009/10/21 17:28:39 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2009/10/21 17:28:39 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2009/10/21 17:28:39 | 000,242,048 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2009/10/20 23:19:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2009/10/20 23:19:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2009/10/20 23:19:34 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/10/20 23:19:28 | 000,368,736 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2009/10/20 00:53:35 | 000,193,216 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2009/10/20 00:50:49 | 002,317,504 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2008/11/28 15:26:56 | 000,010,704 | ---- | M] (Pixbyte Development SL) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iTurnsDriver.sys -- (iTurns)
DRV - [2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/01/13 10:33:18 | 005,672,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/11/14 15:20:06 | 001,331,712 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CM102.sys -- (CM1023264TB)
DRV - [2005/01/10 15:47:14 | 000,449,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ar5211.sys -- (AR5211)
DRV - [2004/08/05 19:05:02 | 000,090,532 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbVM31b.sys -- (ZSMC301b)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.vassar.edu/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/14 21:30:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/05/02 16:17:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/04/12 00:42:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/05/02 16:17:59 | 000,000,000 | ---D | M]

[2009/10/20 21:07:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Extensions
[2010/06/01 15:20:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\a4chwofb.default\extensions
[2010/05/11 16:29:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\a4chwofb.default\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
[2010/05/02 02:17:44 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\a4chwofb.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/12 17:34:58 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\a4chwofb.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010/04/21 21:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Mozilla\Firefox\Profiles\a4chwofb.default\extensions\foxmarks@kei.com
[2010/06/01 15:20:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 08:36:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/05/02 16:17:00 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

O1 HOSTS File: ([2010/05/29 12:20:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [OCAudioIni] C:\Program Files\One-click Audio Converter\OCAudioIni.exe (Streamware Development)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [Turtle Beach Audio Advantage Micro] C:\Program Files\Turtle Beach\AudioAdvantageMicro\TBAA.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/...b?1272840546289 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Will\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/19 23:21:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/02 17:45:15 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/06/03 17:01:07 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/03 17:00:31 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/03 17:00:20 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Documents and Settings\Will\Desktop\StartUpLite.exe
[2010/06/01 23:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\BitTorrent
[2010/06/01 23:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/05/29 14:43:55 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/29 12:22:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/05/29 12:11:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/29 12:11:01 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/29 12:11:01 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/29 12:11:01 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/29 12:10:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/29 12:08:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2010/05/29 02:37:58 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/26 13:25:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Voyetra
[2010/05/26 13:22:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010/05/26 13:22:16 | 000,229,376 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\WINDOWS\System\TBMicro.cpl
[2010/05/26 13:22:15 | 000,344,064 | ---- | C] (C-Media Corporation) -- C:\WINDOWS\System32\CM102rm.exe
[2010/05/26 13:22:14 | 001,331,712 | ---- | C] (C-Media Inc) -- C:\WINDOWS\System32\drivers\CM102.sys
[2010/05/26 13:22:13 | 000,315,392 | ---- | C] (Voyetra Turtle Beach) -- C:\WINDOWS\Cmi102Uninstall.exe
[2010/05/26 13:22:13 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System\Fltr102.dll
[2010/05/26 13:22:12 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\WINDOWS\System32\c102prop.dll
[2010/05/26 13:21:51 | 000,000,000 | ---D | C] -- C:\Program Files\Turtle Beach
[2010/05/25 20:42:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Desktop\Ableton Live DJ Tutorial
[2010/05/22 15:24:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Softland
[2010/05/21 12:53:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2010/05/20 12:16:45 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/20 11:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
[2010/05/20 11:42:48 | 000,000,000 | ---D | C] -- C:\Intel
[2010/05/20 11:20:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\DriverCure
[2010/05/20 11:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/20 11:18:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2010/05/19 22:15:52 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Will\Recent
[2010/05/19 11:22:26 | 000,000,000 | ---D | C] -- D:\My Documents\My Drivers
[2010/05/19 11:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\Innovative Solutions
[2010/05/19 11:22:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2010/05/18 13:52:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/03 16:57:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\Temp
[2010/05/03 13:08:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/05/03 12:10:50 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/03 08:41:14 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/02 21:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/05/02 18:47:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\AskToolbar
[2010/05/02 17:49:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/02 17:49:36 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/02 17:47:30 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/02 16:18:39 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2010/04/23 08:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\Real
[2010/04/12 00:46:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/12 00:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/04/09 01:18:09 | 000,000,000 | ---D | C] -- D:\My Documents\Ableton
[2010/04/09 01:18:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2010/04/09 01:18:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\Ableton
[2010/04/09 01:15:55 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\REX Shared Library.dll
[2010/04/09 01:15:54 | 000,368,640 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\System32\ReWire.dll
[2010/04/09 01:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Ableton
[2010/03/31 08:46:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/31 08:45:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/29 23:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Application Data\SumatraPDF
[2010/03/29 23:47:52 | 000,000,000 | ---D | C] -- C:\Program Files\SumatraPDF
[2010/03/21 15:59:48 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2010/03/21 15:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
[2010/03/21 15:35:56 | 000,000,000 | ---D | C] -- D:\My Documents\VirtualDJ
[2010/03/19 18:06:37 | 000,000,000 | ---D | C] -- D:\My Documents\Audacity Expts
[2010/03/15 14:30:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Will\Local Settings\Application Data\Google
[2010/03/15 14:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 90 Days ==========

[2010/06/03 17:12:02 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/03 17:10:54 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/03 17:10:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/03 17:10:46 | 2137,509,888 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/03 17:10:10 | 009,699,328 | ---- | M] () -- C:\Documents and Settings\Will\ntuser.dat
[2010/06/03 17:10:10 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Will\ntuser.ini
[2010/06/03 17:02:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003UA.job
[2010/06/03 17:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003Core.job
[2010/06/03 17:01:09 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\OTL.exe
[2010/06/03 17:00:32 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Will\Desktop\TFC.exe
[2010/06/03 17:00:22 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Documents and Settings\Will\Desktop\StartUpLite.exe
[2010/06/03 16:17:23 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/03 16:17:22 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/02 19:08:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/02 01:56:16 | 000,020,992 | ---- | M] () -- D:\My Documents\mileage.xls
[2010/05/31 22:00:41 | 000,000,864 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2010/05/29 13:44:49 | 001,575,517 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Wild Pokemon Battle.mp3
[2010/05/29 12:20:25 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/29 12:20:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/27 15:46:24 | 001,474,832 | ---- | M] () -- C:\WINDOWS\System32\drivers\sfi.dat
[2010/05/27 14:25:31 | 003,941,730 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Indigo Plateau - Pokemon Red Blue Yellow.mp3
[2010/05/26 13:23:54 | 000,000,041 | ---- | M] () -- C:\WINDOWS\System\TBMicro.ini
[2010/05/21 12:10:28 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\HiJackThis.lnk
[2010/05/20 18:33:33 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 12:40:43 | 000,508,956 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/20 12:40:43 | 000,432,924 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/20 12:40:43 | 000,067,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/20 12:36:06 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/20 12:36:06 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/20 12:32:05 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/20 12:15:22 | 000,053,248 | ---- | M] (Windows XP Bundled build C-Centric Single User) -- C:\WINDOWS\System32\CSVer.dll
[2010/05/14 20:21:03 | 000,065,828 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\i_want_it_that_way.gp5
[2010/05/07 15:50:51 | 000,000,784 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/03 12:11:14 | 001,430,280 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/02 17:52:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/02 17:45:42 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/02 17:44:32 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/02 17:44:32 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/02 17:44:21 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/02 17:44:21 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/02 17:41:48 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/02 17:39:46 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/09 01:15:55 | 000,000,838 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Live 8.1.1.lnk
[2010/03/24 17:46:34 | 000,023,760 | ---- | M] () -- C:\Documents and Settings\Will\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/03/24 17:10:22 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2010/03/21 15:59:58 | 000,000,694 | ---- | M] () -- C:\Documents and Settings\Will\Desktop\Virtual DJ.lnk

========== Files Created - No Company Name ==========

[2010/05/29 13:44:49 | 001,575,517 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Wild Pokemon Battle.mp3
[2010/05/29 12:25:07 | 2137,509,888 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/29 12:11:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/29 12:11:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/29 12:11:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/29 12:11:01 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/29 12:11:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/27 14:25:27 | 003,941,730 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Indigo Plateau - Pokemon Red Blue Yellow.mp3
[2010/05/26 13:23:54 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System\TBMicro.ini
[2010/05/26 13:22:13 | 000,086,016 | ---- | C] () -- C:\WINDOWS\CMedia.dll
[2010/05/26 13:22:13 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\CM102rm.dll
[2010/05/20 12:33:34 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2010/05/20 11:43:17 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4764.dll
[2010/05/20 11:43:15 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNBR.bmp
[2010/05/20 11:43:15 | 000,121,232 | ---- | C] () -- C:\WINDOWS\System32\IScrNB.bmp
[2010/05/19 11:14:47 | 000,107,596 | ---- | C] () -- C:\toolkit_widget.gif
[2010/05/14 20:21:00 | 000,065,828 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\i_want_it_that_way.gp5
[2010/05/03 16:57:23 | 000,000,974 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003UA.job
[2010/05/03 16:57:23 | 000,000,922 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-1708537768-682003330-1003Core.job
[2010/05/03 01:54:44 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/03 01:54:44 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/03 01:54:44 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/03 01:54:44 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/03 01:54:43 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/03 01:54:43 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/03 01:54:43 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/03 01:54:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/03 01:54:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/03 01:54:43 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/03 01:54:43 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/03 01:54:43 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/03 01:54:43 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/03 01:54:43 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/03 01:54:42 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/03 01:54:42 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/03 01:54:42 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/03 01:54:42 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/03 01:54:41 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/03 01:54:41 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/03 01:54:41 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/03 01:54:41 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/03 01:54:41 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/03 01:54:41 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/03 01:54:41 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/03 01:54:40 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/03 01:54:40 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/03 01:54:37 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/03 01:54:37 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/03 01:54:37 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/03 01:54:33 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/03 01:54:33 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/03 01:54:33 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/03 01:54:33 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/03 01:54:33 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/03 01:54:33 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/03 01:54:31 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/03 01:54:31 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/03 01:54:31 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/03 01:54:31 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/03 01:54:24 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/03 01:54:23 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/03 01:54:18 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/03 01:54:17 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/05/03 01:54:14 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/03 01:54:14 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/05/03 01:54:14 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/05/03 01:54:14 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/05/03 01:54:14 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/05/03 01:54:14 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/05/03 01:54:14 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/05/03 01:54:14 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/05/03 01:54:14 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/05/03 01:54:14 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/05/03 01:54:14 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/05/03 01:54:14 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/05/03 01:54:14 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/05/03 01:54:14 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/05/03 01:54:14 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/05/03 01:54:14 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/05/03 01:54:10 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/03 01:54:09 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/03 01:54:09 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/03 01:53:56 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/05/03 01:53:56 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/03 01:53:56 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/03 01:53:56 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/03 01:53:56 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/05/03 01:53:54 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/03 01:53:31 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/03 01:53:23 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/03 01:53:23 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/03 01:53:23 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/03 01:53:23 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/03 01:53:22 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/05/03 01:53:22 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/03 01:53:22 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/03 01:53:22 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/03 01:53:22 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/03 01:53:22 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/03 01:53:20 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/02 17:50:33 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/02 17:49:27 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/02 17:49:27 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/02 17:49:25 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/02 17:48:49 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/02 17:48:48 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/02 17:48:33 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/02 17:48:31 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/02 17:48:27 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/02 17:48:13 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/02 17:48:02 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/02 17:47:35 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/02 17:47:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/02 17:47:29 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/02 17:47:29 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/02 17:47:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/02 17:47:28 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/02 17:47:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/02 17:47:28 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/02 17:47:27 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/02 17:47:27 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/02 17:47:27 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/02 17:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/02 17:47:27 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/02 17:47:26 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/02 17:47:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/02 17:47:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/02 17:47:23 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/02 17:47:23 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/02 17:47:23 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/02 17:47:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/02 17:47:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/02 17:47:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/02 17:47:22 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/02 17:47:22 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/02 17:47:22 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/02 17:47:22 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/02 17:47:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/02 17:47:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/02 17:47:19 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/02 17:47:19 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/02 17:47:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/02 17:47:19 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/02 17:47:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/02 17:47:19 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/02 17:47:18 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/02 17:47:17 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/02 17:44:32 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/02 17:44:22 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/02 17:44:21 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/02 17:44:21 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/02 17:44:21 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/02 17:12:08 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/02 17:12:08 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/02 17:12:07 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/02 17:12:07 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/02 17:12:07 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/02 17:12:07 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/02 17:12:07 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2010/05/02 17:12:06 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/04/22 14:20:52 | 000,000,838 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Live 8.1.1.lnk
[2010/03/21 23:52:34 | 000,000,864 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml
[2010/03/21 15:59:58 | 000,000,694 | ---- | C] () -- C:\Documents and Settings\Will\Desktop\Virtual DJ.lnk
[2010/03/20 11:01:03 | 009,699,328 | ---- | C] () -- C:\Documents and Settings\Will\ntuser.dat
[2009/11/14 21:37:27 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/11/02 00:15:22 | 000,000,130 | ---- | C] () -- C:\WINDOWS\cfplogvw.INI
[2009/10/20 23:12:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/10/20 23:08:38 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPCX8400.ini
[2009/10/20 23:00:23 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/10/20 00:51:12 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2010/04/09 01:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ableton
[2009/10/20 23:19:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acronis
[2009/10/20 22:35:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/10/20 23:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CambridgeSoft
[2010/05/20 11:38:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverCure
[2009/11/16 02:19:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2010/05/19 11:22:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Innovative Solutions
[2009/10/21 19:10:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/02/07 15:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MediaMonkey
[2009/10/24 11:11:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Mestrelab Research S.L
[2010/05/20 11:18:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2010/05/18 13:52:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/05/20 01:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/04/12 00:47:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/20 23:26:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/04/09 01:18:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Ableton
[2009/10/20 22:36:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\acccore
[2010/06/03 02:15:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\BitTorrent
[2010/05/20 11:21:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\DriverCure
[2009/12/12 23:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\EPSON
[2009/10/20 22:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Foxit
[2010/01/10 18:10:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iTSfv
[2010/02/26 23:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1
[2010/01/22 03:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Registry Mechanic
[2010/03/29 23:51:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\SumatraPDF
[2009/10/20 21:38:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Will\Application Data\Thunderbird

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\UBCD4Win\XPCD\I386\sp2.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/05/03 08:41:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/05/03 08:41:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\UBCD4Win\XPCD\I386\sp2.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/05/03 08:41:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/05/03 08:41:05 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\DRIVERS\ATAPI.SYS
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2002/10/24 16:59:48 | 000,087,040 | ---- | M] (Microsoft Corporation) MD5=F1D915C3870E741D83B5142F3B358761 -- C:\UBCD4Win\plugin\!Critical\Large IDE-Fix\files\sp2\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\UBCD4Win\BartPE\I386\SYSTEM32\EVENTLOG.DLL
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\SoftwareDistribution\Download\de81b460c3abcfc5b8494c785a5f3944\sp2qfe\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\UBCD4Win\BartPE\I386\SYSTEM32\NETLOGON.DLL
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\UBCD4Win\BartPE\I386\SYSTEM32\SCECLI.DLL
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/02 13:09:52 | 003,821,568 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/02 16:49:46 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/05/02 13:09:52 | 033,554,432 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/02 13:09:52 | 008,912,896 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemdrive%\*.sys /90 /md5 >
[2010/06/03 17:10:46 | 2137,509,888 | -HS- | M] () Unable to obtain MD5 -- C:\hiberfil.sys
[2010/06/03 17:10:45 | 2145,386,496 | -HS- | M] () Unable to obtain MD5 -- C:\pagefile.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 163 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
< End of report >

------------------------------------------------------------------------------------------------------
Extras.txt






OTL Extras logfile created on: 6/3/2010 5:13:22 PM - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Documents and Settings\Will\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 76.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 18.12 Gb Free Space | 46.40% Space Free | Partition Type: NTFS
Drive D: | 193.82 Gb Total Space | 140.92 Gb Free Space | 72.71% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DUNDER-MIFFLIN
Current User Name: Will
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe" = C:\Program Files\CambridgeSoft\ChemOffice2010\ChemDraw\ChemDraw.exe:*:Enabled:ChemBioDraw Ultra 12.0 -- (CambridgeSoft Corp.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\PFPortChecker\PFPortChecker.exe" = C:\Program Files\PFPortChecker\PFPortChecker.exe:*:Enabled:PFPortchecker by portforward.com helps check if your ports are properly forwarded. -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{24ADC0E4-8D3E-40C4-9106-F2DE5E9112F1}" = EPSON Stylus CX8400 Series Scanner Driver Update
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = Vimicro USB PC Camera 301x
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F3E17F8-F1C8-4A4B-9EB8-1EE2D190CDA9}" = Adobe Setup
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5EA24DA8-F398-42C7-8CDC-39273493C514}" = Vimicro USB PC Camera (ZC0302)
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{602945F3-084E-48DE-B908-5E76784FD28A}" = SAPI5VoiceInstaller
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7B8C6C6A-264D-E3F1-AA56-D371B9065ABA}" = iTunes Export
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{92F31257-15BA-46EE-887D-3C18C0790ACE}" = Atheros Client Installation Program
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B28B351F-1232-46EA-85EF-B8EA91641033}" = Nero 7 Essentials
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B93BC257-3F73-47B1-B68D-597C6878C8E7}" = CambridgeSoft ChemBioDraw Ultra 12.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DA2C31A1-D5E6-4472-A143-A323CECEE1C5}_is1" = One-click Audio Converter 3.13
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE03E7C3-0250-49DC-A5AA-24FE0555EA22}" = AudioAdvantageMicro
"{E5343B27-55DF-40BD-9FCF-A643C1331E8A}" = Acronis True Image Home
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E773E0B9-6ABE-4F9E-816C-56B2DD8613B9}" = CambridgeSoft Activation Client
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Adobe_a04a925a57548091300ada368235fc6" = Adobe Illustrator CS3
"AIM_7" = AIM 7
"Audacity_is1" = Audacity 1.2.6
"AutoHotkey" = AutoHotkey 1.0.48.05
"BitTorrent" = BitTorrent
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_266D_CplEFL5k" = Soft Data Fax Modem with SmartCP
"COMODO Internet Security" = COMODO Internet Security
"doPDF 6 printer_is1" = doPDF 6.3 printer
"DVD Shrink_is1" = DVD Shrink 3.2
"ePresentation" = Acer ePresentation Management
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"Foxit Reader" = Foxit Reader
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HDMI" = Intel® Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"ie8" = Windows Internet Explorer 8
"iTunesExport.9816BF1711E8C5ABC4CED8E503841951211D8E5D.1" = iTunes Export
"Live 8.1.1" = Live 8.1.1
"MediaMonkey_is1" = MediaMonkey 3.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Picasa 3" = Picasa 3
"RealAlt_is1" = Real Alternative 2.0.1
"Registry Mechanic_is1" = Registry Mechanic 9.0
"SumatraPDF" = SumatraPDF
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"UBCD4Win_is1" = UBCD4Win 3.50
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Write-N-Cite" = Write-N-Cite

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Gambit" = Gambit
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/27/2010 6:02:22 PM | Computer Name = DUNDER-MIFFLIN | Source = Google Update | ID = 20
Description =

Error - 5/27/2010 7:02:05 PM | Computer Name = DUNDER-MIFFLIN | Source = Google Update | ID = 20
Description =

Error - 5/28/2010 11:30:05 AM | Computer Name = DUNDER-MIFFLIN | Source = Application Error | ID = 1000
Description = Faulting application jaucheck.exe, version 2.0.2.1, faulting module
jaucheck.exe, version 2.0.2.1, fault address 0x0000c940.

Error - 5/28/2010 12:40:31 PM | Computer Name = DUNDER-MIFFLIN | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x02d7f290.

Error - 6/2/2010 1:55:50 AM | Computer Name = DUNDER-MIFFLIN | Source = ChemDrawExcel12 | ID = 0
Description = Procedure: ExcelAddIn::ThisApplication_WorkbookActivate Details: Unable
to cast COM object of type 'System.__ComObject' to interface type 'Microsoft.Office.Interop.Excel.Worksheet'.
This operation failed because the QueryInterface call on the COM component for
the interface with IID '{000208D8-0000-0000-C000-000000000046}' failed due to the
following error: No such interface supported (Exception from HRESULT: 0x80004002
(E_NOINTERFACE)). StackTrace: at CambridgeSoft.ChemOffice.ChemDrawExcelAddIn.ExcelAddIn.ThisApplication_WorkbookActivate(Workbook
Wb)

Error - 6/2/2010 2:25:54 PM | Computer Name = DUNDER-MIFFLIN | Source = Bonjour Service | ID = 100
Description = 244: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/2/2010 2:25:54 PM | Computer Name = DUNDER-MIFFLIN | Source = Bonjour Service | ID = 100
Description = 236: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/2/2010 2:25:54 PM | Computer Name = DUNDER-MIFFLIN | Source = Bonjour Service | ID = 100
Description = 396: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/2/2010 2:25:54 PM | Computer Name = DUNDER-MIFFLIN | Source = Bonjour Service | ID = 100
Description = 388: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 6/2/2010 2:25:54 PM | Computer Name = DUNDER-MIFFLIN | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

[ System Events ]
Error - 6/2/2010 2:37:02 PM | Computer Name = DUNDER-MIFFLIN | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
or more time sources, however none of the sources are currently accessible. No attempt
to contact a source will be made for 14 minutes. NtpClient has no source of accurate
time.

Error - 6/2/2010 3:00:12 PM | Computer Name = DUNDER-MIFFLIN | Source = DCOM | ID = 10010
Description = The server {DC0C2640-1415-4644-875C-6F4D769839BA} did not register
with DCOM within the required timeout.

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The Acronis Scheduler2 Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The PC Tools Startup and Shutdown Monitor service service terminated
unexpectedly. It has done this 1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The Broadcom Wireless LAN Tray Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 6/3/2010 5:06:33 PM | Computer Name = DUNDER-MIFFLIN | Source = Service Control Manager | ID = 7034
Description = The Acronis Try And Decide Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >



#15 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Munich,Germany
  • Local time:03:46 PM

Posted 05 June 2010 - 07:27 AM

Hi,

Is the system still slow?
regards,
schrauber

Posted Image
Posted Image

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users