Infected with a backdoor trojan


  • This topic is locked
7 replies to this topic

#1 Jourdana

  • Members
  • 2 posts

Posted 09 June 2010 - 02:22 PM

A backdoor trojan was detected and removed by my previous antivirus. I am not sure if my PC is completely free of this trojan. My new antivirus can't detect it anymore, though. But my Firefox crashes most of the time and I have this feeling that I have been hacked. I would appreciate it if somebody could help me. Here are my DDS and GMER logs. Thanks!

DDS (Ver_10-03-17.01) - NTFSx86
Run by Carla at 21:16:22.42 on Wed 06/09/2010
Internet Explorer: 8.0.6001.18928 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.1.1033.18.2012.842 [GMT 3:00]

AV: Emsisoft Anti-Malware *On-access scanning disabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}
SP: COMODO Defense+ *disabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe
C:\Windows\Explorer.EXE
C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Carla\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
mDefault_Page_URL = hxxp://www.yahoo.com
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [ccleaner] "c:\program files\ccleaner\CCleaner.exe" /AUTO
mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [P0870Cfg.exe] P0870Cfg.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: {0BE58FB7-D51B-467D-8E5D-A576B3A5679F} = 156.154.70.22,156.154.71.22
TCP: {26EF8281-CF98-404C-8F01-F6A3C68C8E7A} = 156.154.70.22,156.154.71.22
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: acaptuser32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\carla\appdata\roaming\mozilla\firefox\profiles\eclpnc8s.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - component: c:\users\carla\appdata\roaming\mozilla\firefox\profiles\eclpnc8s.default\extensions\keyscrambler@qfx.software.corporation\components\KeyScramblerIE.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\carla\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-5-21 39576]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-5-21 11776]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-5-26 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2010-4-9 218560]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2010-4-9 30112]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-3 149040]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2010-5-20 25896]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-7 67656]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-5-21 1911960]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-5-26 19024]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-5-26 51792]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R2 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-5-20 219360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\comodo\comodo livepcsupport\CLPSLS.exe [2010-2-20 148744]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-5-20 68136]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-5-21 71008]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-26 40384]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-5-21 115312]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-3 42368]
R3 P0870Dev;Creative WebCam Live! Motion;c:\windows\system32\drivers\P0870Dev.sys [2010-5-20 172544]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1170464]
S2 McAfeeFramework;McAfee Framework Service;"c:\program files\mcafee\common framework\frameworkservice.exe" /servicestart --> c:\program files\mcafee\common framework\FrameworkService.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-26 21504]
S3 PD0870Srv;Creative PD0870 RunApp Service;c:\windows\system32\P0870Srv.exe [2010-5-20 20480]

=============== Created Last 30 ================

2010-06-09 18:15:09 0 ----a-w- c:\users\carla\defogger_reenable
2010-06-09 16:07:58 289792 ----a-w- c:\windows\system32\atmfd.dll
2010-06-09 16:07:57 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-06-09 16:07:30 2037248 ----a-w- c:\windows\system32\win32k.sys
2010-06-04 19:03:09 0 d-----w- c:\programdata\Sun
2010-06-04 19:02:11 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-31 09:18:43 0 d-----w- c:\users\carla\appdata\roaming\Malwarebytes
2010-05-31 09:18:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-31 09:18:33 0 d-----w- c:\programdata\Malwarebytes
2010-05-31 09:18:31 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-31 09:18:30 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 18:55:37 22872 ----a-r- c:\windows\system32\AdobePDFUI.dll
2010-05-29 18:54:20 112056 ----a-w- c:\windows\system32\acaptuser32.dll
2010-05-29 15:18:32 0 d-----w- c:\program files\Secunia
2010-05-28 11:04:52 14896 ----a-w- c:\windows\system32\drivers\psi_mf.sys
2010-05-27 19:55:41 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-05-26 20:50:57 51792 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-05-26 20:44:12 0 d--h--w- c:\program files\Zero G Registry
2010-05-26 20:44:12 0 d-----w- c:\program files\Britannica 8.0
2010-05-26 20:41:55 0 d--h--w- c:\users\carla\InstallAnywhere
2010-05-26 06:53:12 0 d-----w- c:\program files\MSECache
2010-05-26 04:47:56 0 d-----w- c:\program files\Windows Portable Devices
2010-05-26 04:45:52 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2010-05-26 04:44:58 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-05-26 04:44:58 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-05-26 04:44:58 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-05-26 04:41:04 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-05-26 04:41:04 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-05-26 04:41:03 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-05-26 04:16:41 0 d-----w- c:\windows\system32\eu-ES
2010-05-26 04:16:41 0 d-----w- c:\windows\system32\ca-ES
2010-05-26 04:16:40 0 d-----w- c:\windows\system32\vi-VN
2010-05-26 04:01:03 0 d-----w- c:\windows\system32\EventProviders
2010-05-26 03:57:59 361984 ----a-w- c:\windows\system32\SLUI.exe
2010-05-26 03:56:52 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2010-05-26 03:56:52 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2010-05-26 03:56:52 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-05-26 03:56:52 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2010-05-26 03:56:52 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2010-05-26 03:56:52 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2010-05-26 03:56:52 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2010-05-26 03:56:50 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2010-05-26 03:56:46 218624 ----a-w- c:\windows\system32\wdscore.dll
2010-05-26 03:56:46 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2010-05-26 03:56:41 247808 ----a-w- c:\windows\system32\drvstore.dll
2010-05-26 03:42:53 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-05-26 03:42:51 11967524 ----a-w- c:\windows\system32\korwbrkr.lex
2010-05-26 03:32:28 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-05-26 03:32:19 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-26 03:13:05 0 d-----w- C:\PerfLogs
2010-05-26 02:41:29 193024 ----a-w- c:\windows\system32\recdisc.exe
2010-05-26 02:41:22 6656 ----a-w- c:\windows\system32\sdspres.dll
2010-05-26 02:39:59 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-05-26 02:38:58 705536 ----a-w- c:\windows\system32\imagesp1.dll
2010-05-25 07:00:43 327680 ----a-w- c:\windows\SPInstall.etl
2010-05-25 05:48:31 675152 ----a-w- c:\windows\system32\gpprefcl.dll
2010-05-25 05:48:28 28274 ----a-w- c:\windows\system32\wbem\polprocl.mof
2010-05-25 05:43:02 0 d-----w- c:\programdata\Windows Genuine Advantage
2010-05-25 05:42:21 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-05-25 05:41:33 0 d-----w- c:\programdata\Office Genuine Advantage
2010-05-25 05:39:17 0 d-----w- c:\users\carla\appdata\roaming\SUPERAntiSpyware.com
2010-05-25 05:39:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-25 03:18:26 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-05-25 02:11:29 57667 ----a-w- c:\windows\system32\ieuinit.inf
2010-05-24 07:26:29 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-24 07:14:58 0 d-----w- c:\windows\system32\appmgmt
2010-05-24 07:08:42 0 d-----w- c:\program files\Microsoft Security Essentials
2010-05-24 02:42:49 0 d-----w- c:\programdata\Alwil Software
2010-05-24 02:26:10 0 d-----w- c:\program files\ESET
2010-05-23 14:52:26 377344 ----a-w- c:\windows\system32\winhttp.dll
2010-05-22 17:23:03 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-05-22 17:23:01 270848 ----a-w- c:\windows\system32\schannel.dll
2010-05-22 07:19:39 46928 ----a-w- c:\windows\system32\AdobePDF.dll
2010-05-22 06:39:53 0 d-----w- c:\programdata\FLEXnet
2010-05-21 19:44:43 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-05-21 07:40:21 6656 ----a-w- c:\windows\system32\kbd106n.dll
2010-05-21 06:54:29 0 d--h--w- C:\VritualRoot
2010-05-21 06:48:53 0 d-----w- c:\programdata\COMODO
2010-05-21 06:18:30 115312 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2010-05-21 06:18:29 0 d-----w- c:\program files\KeyScrambler
2010-05-21 05:47:10 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-05-21 05:47:10 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-05-21 05:38:52 0 d---a-w- c:\programdata\TEMP
2010-05-21 05:38:47 0 d-----w- c:\program files\SpywareBlaster
2010-05-21 05:33:56 0 d-----w- c:\users\carla\appdata\roaming\WinPatrol
2010-05-21 05:33:47 0 d-----w- c:\program files\BillP Studios
2010-05-21 05:26:51 0 d-----w- c:\program files\COMODO
2010-05-21 05:26:01 0 d-----w- c:\programdata\Comodo Downloader
2010-05-21 05:14:26 0 d-----w- c:\program files\CCleaner
2010-05-21 04:23:52 72704 ----a-w- c:\windows\system32\fontsub.dll
2010-05-21 04:23:52 23552 ----a-w- c:\windows\system32\lpk.dll
2010-05-21 04:23:52 156672 ----a-w- c:\windows\system32\t2embed.dll
2010-05-21 04:23:52 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-05-21 04:22:50 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-05-21 04:22:50 272896 ----a-w- c:\windows\system32\polstore.dll
2010-05-21 04:21:48 1820 ----a-w- c:\windows\system32\rasctrnm.h
2010-05-21 04:20:49 98816 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-05-21 04:20:49 302080 ----a-w- c:\windows\system32\drivers\srv.sys
2010-05-21 04:17:37 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-05-21 04:17:37 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-05-21 04:17:37 17920 ----a-w- c:\windows\system32\netevent.dll
2010-05-21 04:17:37 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-05-21 04:17:37 105984 ----a-w- c:\windows\system32\netiohlp.dll
2010-05-21 04:17:37 10240 ----a-w- c:\windows\system32\finger.exe
2010-05-21 04:17:36 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-05-21 04:17:36 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-05-21 04:17:36 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-05-21 04:14:27 2501921 ----a-w- c:\windows\system32\wlan.tmf
2010-05-21 04:14:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-05-21 04:14:26 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-05-21 04:14:26 65024 ----a-w- c:\windows\system32\wlanapi.dll
2010-05-21 04:14:26 513536 ----a-w- c:\windows\system32\wlansvc.dll
2010-05-21 04:14:26 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-05-21 04:14:26 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-05-21 04:14:25 2334 ----a-w- c:\windows\system32\wbem\L2SecHC.mof
2010-05-21 04:14:25 12880 ----a-w- c:\windows\system32\wbem\wlan.mof
2010-05-21 04:14:24 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-05-21 04:13:22 1248768 ----a-w- c:\windows\system32\msxml3.dll
2010-05-21 04:13:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-05-21 04:13:21 1401856 ----a-w- c:\windows\system32\msxml6.dll
2010-05-21 04:13:20 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-05-21 04:12:19 72704 ----a-w- c:\windows\system32\secur32.dll
2010-05-21 04:12:19 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2010-05-21 04:12:19 218624 ----a-w- c:\windows\system32\msv1_0.dll
2010-05-21 04:12:19 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-05-21 04:12:18 9728 ----a-w- c:\windows\system32\lsass.exe
2010-05-21 04:12:18 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-21 04:12:17 13780 ----a-w- c:\windows\system32\wbem\lsasrv.mof
2010-05-21 04:11:18 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-05-21 04:11:18 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-05-21 04:11:18 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-05-21 04:09:31 98816 ----a-w- c:\windows\system32\mfps.dll
2010-05-21 04:09:31 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-05-21 04:09:31 2868224 ----a-w- c:\windows\system32\mf.dll
2010-05-21 04:09:31 2048 ----a-w- c:\windows\system32\mferror.dll
2010-05-21 04:09:30 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-05-21 04:08:26 3600776 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-05-21 04:08:26 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-05-21 04:03:59 71680 ----a-w- c:\windows\system32\atl.dll
2010-05-21 03:57:44 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-05-21 03:55:52 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-05-21 03:55:52 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-05-21 03:55:52 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-05-21 03:52:23 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-05-21 03:44:38 623616 ----a-w- c:\windows\system32\localspl.dll
2010-05-21 03:39:02 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-05-21 03:32:54 62464 ----a-w- c:\windows\system32\l3codeca.acm
2010-05-21 03:32:54 220672 ----a-w- c:\windows\system32\l3codecp.acm
2010-05-21 03:31:26 904576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-05-21 03:31:25 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2010-05-21 03:31:25 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-05-21 03:31:25 200704 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-05-21 03:31:24 814 ----a-w- c:\windows\system32\wbem\WFP.MOF
2010-05-21 03:31:24 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2010-05-21 03:26:30 98304 ----a-w- c:\windows\system32\cabview.dll
2010-05-21 03:24:41 37888 ----a-w- c:\windows\system32\printcom.dll
2010-05-21 03:22:40 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-05-21 03:22:01 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-05-21 03:22:01 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-05-21 03:22:01 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-05-21 03:21:11 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-05-21 03:21:11 471552 ----a-w- c:\windows\system32\secproc.dll
2010-05-21 03:21:11 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-05-21 03:21:11 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-05-21 03:21:11 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-05-21 03:21:11 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-05-21 03:21:11 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-05-21 03:21:10 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-05-21 03:21:10 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-05-21 02:54:48 37421056 ----a-w- c:\windows\ocsetup_install_NetFx3.etl
2010-05-21 02:54:48 327680 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.perf
2010-05-21 02:54:48 196608 ----a-w- c:\windows\ocsetup_cbs_install_NetFx3.dpx
2010-05-21 02:52:50 41984 ----a-w- c:\windows\system32\netfxperf.dll
2010-05-21 02:32:07 84480 ----a-w- c:\windows\system32\INETRES.dll
2010-05-21 02:31:44 60928 ----a-w- c:\windows\system32\msasn1.dll
2010-05-21 02:30:49 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2010-05-21 02:30:03 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-05-21 02:30:03 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-05-21 02:30:03 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-05-21 02:27:53 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-05-21 02:27:25 243712 ----a-w- c:\windows\system32\rastls.dll
2010-05-21 02:27:02 355328 ----a-w- c:\windows\system32\WSDApi.dll
2010-05-21 02:26:03 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-05-21 02:26:03 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-05-21 02:26:03 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-05-21 02:26:03 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-05-21 02:26:03 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-05-21 02:26:03 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-05-21 02:26:02 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-05-21 02:26:02 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-05-21 02:26:02 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-05-21 02:26:02 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-05-21 02:25:01 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2010-05-21 02:24:30 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-05-21 02:24:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-21 02:24:28 7680 ----a-w- c:\windows\system32\spwmp.dll
2010-05-21 02:24:28 4096 ----a-w- c:\windows\system32\msdxm.ocx
2010-05-21 02:24:28 4096 ----a-w- c:\windows\system32\dxmasf.dll
2010-05-20 21:36:24 0 d-----w- C:\QUARANTINE
2010-05-20 18:30:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 18:08:52 2421760 ----a-w- c:\windows\system32\wucltux.dll
2010-05-20 18:07:29 87552 ----a-w- c:\windows\system32\wudriver.dll
2010-05-20 18:06:46 33792 ----a-w- c:\windows\system32\wuapp.exe
2010-05-20 18:06:46 171608 ----a-w- c:\windows\system32\wuwebv.dll
2010-05-20 17:11:50 0 d-----w- c:\program files\McDonaldsDragons
2010-05-20 17:10:59 0 d-sh--w- c:\windows\ftpcache
2010-05-20 12:58:39 0 d-----w- c:\windows\Panther
2010-05-20 12:58:25 8192 --s-a-r- C:\BOOTSECT.BAK
2010-05-20 12:58:24 333257 --sha-r- C:\bootmgr
2010-05-20 12:58:23 0 d-sh--w- C:\Boot
2010-05-20 12:50:45 0 d-----w- C:\Windows.old
2010-05-20 12:17:46 87 ---ha-r- c:\windows\ctfile.rfc
2010-05-20 12:17:46 72704 ----a-w- c:\windows\system32\CmdRtr.DLL
2010-05-20 12:17:46 146432 ----a-w- c:\windows\system32\APOMngr.DLL
2010-05-20 12:17:45 94208 ----a-w- c:\windows\system32\RTNUninst32.dll
2010-05-20 12:17:45 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2010-05-20 12:17:13 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-05-20 12:17:09 0 d-----w- c:\program files\common files\Intel
2010-05-20 12:15:57 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2010-05-20 12:15:25 0 d-----w- c:\program files\Realtek
2010-05-20 12:15:23 0 d--h--w- c:\program files\Temp
2010-05-20 12:14:11 53248 ----a-r- c:\windows\system32\CSVer.dll
2010-05-20 12:14:03 0 d-----w- C:\Intel
2010-05-20 12:13:47 0 d--h--w- c:\program files\DeviceVM
2010-05-20 12:13:27 0 d-----w- c:\program files\Gigabyte
2010-05-20 12:12:07 207400 ----a-r- c:\windows\GSetup.exe
2010-05-20 12:12:07 10 ----a-w- c:\windows\GSetup.ini
2010-05-20 12:03:01 355 --sha-r- C:\Boot.ini.saved
2010-05-20 12:00:53 0 d-----w- c:\windows\system32\catroot2
2010-05-20 10:20:28 0 d-----w- C:\logs
2010-05-20 10:20:26 0 d-----w- c:\users\carla\ChikkaDefault
2010-05-20 10:15:31 0 d-----w- c:\program files\Chikka Messenger
2010-05-19 22:09:13 0 d-----w- c:\program files\Creative
2010-05-19 21:57:05 859 ----a-w- c:\users\carla\VLC media player.lnk
2010-05-19 21:57:00 0 d-----w- c:\program files\VideoLAN
2010-05-19 21:56:11 0 d-----w- c:\program files\VistaCodecPack
2010-05-19 21:55:41 0 d-----w- c:\programdata\VistaCodecs
2010-05-19 21:52:46 0 d-----w- C:\WebCam
2010-05-19 21:48:41 24576 ----a-w- c:\windows\system32\CtCamPin.crl
2010-05-19 21:48:31 0 d-----w- c:\windows\CtDrvInstall
2010-05-19 21:47:03 0 d-----r- c:\program files\Skype
2010-05-19 21:46:59 0 d-----w- c:\programdata\Skype
2010-05-19 21:45:21 280 ----a-w- c:\windows\system32\epoPGPsdk.dll.sig
2010-05-19 21:45:21 1495552 ----a-w- c:\windows\system32\epoPGPsdk.dll
2010-05-19 21:45:21 0 d-----w- c:\program files\common files\Cisco Systems
2010-05-19 21:40:44 0 d-----w- c:\programdata\Yahoo! Companion
2010-05-19 21:40:05 0 d-----w- c:\programdata\Yahoo!
2010-05-19 21:39:15 32656 ----a-w- c:\windows\system32\msonpmon.dll
2010-05-19 21:38:11 0 d-----w- c:\program files\Yahoo!
2010-05-19 21:37:58 0 d-----w- c:\windows\PCHEALTH
2010-05-19 21:36:46 0 d-----w- c:\program files\Microsoft Visual Studio 8
2010-05-19 21:36:02 0 d-----w- c:\programdata\Microsoft Help
2010-05-19 21:32:45 0 d-----w- c:\program files\common files\Macrovision Shared
2010-05-19 21:30:23 0 d-----w- c:\programdata\Adobe
2010-05-19 21:29:47 0 d-sh--w- c:\windows\Installer
2010-05-19 21:26:08 16026 ----a-w- c:\windows\system32\results.xml
2010-05-19 21:25:49 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2010-05-19 21:25:49 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2010-05-19 21:25:49 121232 ----a-w- c:\windows\system32\IScrNB.bmp
2010-05-19 21:25:49 0 d-----w- c:\windows\system32\Lang
2010-05-19 21:25:38 17488 ----a-w- c:\windows\gdrv.sys
2010-05-19 21:22:24 25896 ----a-w- c:\windows\system32\drivers\RtlProt.sys
2010-05-19 21:22:24 0 d-----w- c:\windows\system32\TP-LINK Wireless Adapter Driver and Utility
2010-05-19 21:22:24 0 d-----w- c:\program files\TP-LINK

==================== Find3M ====================

2010-05-26 04:47:44 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-26 04:47:44 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-05-26 04:47:44 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-26 04:47:44 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 04:11:06 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-05-26 03:21:26 174 --sha-w- c:\program files\desktop.ini
2010-05-26 03:04:38 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-05-26 03:04:34 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-05-21 02:23:38 17159388 ----a-w- c:\windows\fonts\meiryob.ttc
2010-05-21 02:23:38 16710176 ----a-w- c:\windows\fonts\meiryo.ttc
2010-05-20 12:16:02 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 04:31:05 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-04-09 08:26:12 277240 ----a-w- c:\windows\system32\guard32.dll
2010-04-05 17:01:01 67072 ----a-w- c:\windows\system32\asycfilt.dll
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:17:15.91 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-09 21:48:01
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Carla\AppData\Local\Temp\uglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D3609B6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D361D34]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D360BA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8D35FCF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8D36061C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8D35FBCC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8D3603B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D3619C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8D35F710]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0x8D35F542]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8D361600]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8D35FF8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8D3607F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0x8D35F226]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8D36023C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0x8D35F3BE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D361094]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D361348]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D3617CC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8D35FF26]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D360128]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS ZwTerminateProcess [0x8D412620]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8D35F910]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D360CB2]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D4FDAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 82CFC87C 4 Bytes [B6, 09, 36, 8D]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CFC8A0 8 Bytes [34, 1D, 36, 8D, A2, 0B, 36, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CFC924 4 Bytes JMP 35FCF082
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CFC93C 4 Bytes [1C, 06, 36, 8D]
.text ntkrnlpa.exe!KeSetEvent + 205 82CFC968 4 Bytes [CC, FB, 35, 8D]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82E2728F 5 Bytes JMP 8D4F9536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E80038 5 Bytes JMP 8D4FAEC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EE1892 7 Bytes JMP 8D4FDACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1084] ntdll.dll!NtAllocateVirtualMemory 77D84134 5 Bytes JMP 004EF2F0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [8A, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [90, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!SendInput + 4 77882F79 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[1212] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [84, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [81, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [87, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] WS2_32.dll!connect 778F40D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] WS2_32.dll!WSALookupServiceBeginW 778F4E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] WS2_32.dll!listen 778F8CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 71910F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71970F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!SendInput + 4 77882F79 2 Bytes [9C, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[1244] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A00F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [8A, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [90, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!SendInput + 4 77882F79 2 Bytes [A5, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[1312] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [8A, 71]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[1676] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [90, 71]
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!SendInput + 4 77882F79 2 Bytes [A5, 71]
.text C:\Windows\system32\igfxsrvc.exe[1676] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] WS2_32.dll!connect 778F40D9 6 Bytes JMP 71820F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] WS2_32.dll!WSALookupServiceBeginW 778F4E93 6 Bytes JMP 71850F5A
.text C:\Windows\system32\igfxsrvc.exe[1676] WS2_32.dll!listen 778F8CD7 6 Bytes JMP 717F0F5A
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [8A, 71]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[1696] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [90, 71]
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!SendInput + 4 77882F79 2 Bytes [A5, 71]
.text C:\Windows\System32\igfxpers.exe[1696] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxpers.exe[1696] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\igfxpers.exe[1696] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [8A, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [90, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!SendInput + 4 77882F79 2 Bytes [A5, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A90F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] WS2_32.dll!connect 778F40D9 6 Bytes JMP 717F0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] WS2_32.dll!WSALookupServiceBeginW 778F4E93 6 Bytes JMP 71820F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2152] WS2_32.dll!listen 778F8CD7 6 Bytes JMP 71850F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [84, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [81, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [87, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 71910F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 71970F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!SendInput + 4 77882F79 2 Bytes [9C, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] USER32.dll!keybd_event 778AD972 6 Bytes JMP 71A00F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] WS2_32.dll!connect 778F40D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] WS2_32.dll!WSALookupServiceBeginW 778F4E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[2156] WS2_32.dll!listen 778F8CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[2224] kernel32.dll!CreateThread + 1A 77B6C928 4 Bytes CALL 00454DC5 C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtAllocateVirtualMemory 77D84134 5 Bytes JMP 006E7F00 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [84, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtOpenProcess 77D84C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtOpenProcess + 4 77D84C38 2 Bytes [81, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtSetValueKey 77D85454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ntdll.dll!NtSetValueKey + 4 77D85458 2 Bytes [87, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!PostMessageA 7785F8F8 6 Bytes JMP 7193001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!SendMessageA 7785F956 6 Bytes JMP 7199001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!PostMessageW 7786A175 6 Bytes JMP 7190001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!SendMessageW 77870AED 6 Bytes JMP 7196001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!mouse_event 7788044E 6 Bytes JMP 71A2001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!SendInput 77882F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!SendInput + 4 77882F79 2 Bytes [9C, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] USER32.dll!keybd_event 778AD972 6 Bytes JMP 719F001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ADVAPI32.dll!CreateServiceW 77C99EB4 6 Bytes JMP 718A001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] ADVAPI32.dll!CreateServiceA 77CD72A1 6 Bytes JMP 718D001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] WS2_32.dll!connect 778F40D9 6 Bytes JMP 71AE001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] WS2_32.dll!WSALookupServiceBeginW 778F4E93 6 Bytes JMP 71A5001E
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2260] WS2_32.dll!listen 778F8CD7 6 Bytes JMP 71A8001E
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2276] ntdll.dll!NtCreateFile 77D843D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2276] ntdll.dll!NtCreateFile + 4 77D843D8 2 Bytes [87, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2276] ntdll.dll!NtDeleteValueKey 77D847F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[2276] ntdll.dll!NtDeleteValueKey + 4 77D847F8 2 Bytes [8D, 71]
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_F098&SUBSYS_F09810DF@ClassGUID {4D36E97B-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_F098&SUBSYS_F09810DF@Service elxstor
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_FE12&SUBSYS_FE1210DF@ClassGUID {4D36E97B-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_FE12&SUBSYS_FE1210DF@Service elxstor

---- EOF - GMER 1.0.15 ----

#2 schrauber

    Mr.Mechanic

  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich, Germany
  • Local time:07:34 AM
Posted 14 June 2010 - 01:49 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.


  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and re-enable all active protection when done.
-- If you encounter any problems, try running GMER in Safe Mode.
regards,
schrauber

If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.
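
Once gmer.log is saved, its "User code sections" part is the bulk of the file and the hardest to read by eye: one line per patched export per process, with indirect jumps split across a base line and a "+ 4" continuation. The script below is an added example for this thread; it is not code from GMER, from BleepingComputer or from either poster. It parses those lines, merges the continuation lines back onto the hook they belong to, and works out the 16-bit address region each hook lands in. For a "JMP xxxxxxxx" patch that is the target; a patch beginning FF 25 is jmp dword ptr [addr], and because GMER prints only the bytes that differ from the on-disk image, the pointer arrives as FF 25 <lo> on the 3-byte line and <byte2> <byte3> on the "+ 4" line, so only its high 16 bits can be recovered (the "{JLE 0x73}" GMER appends to [7E, 71] is just its disassembly of those two pointer bytes, not a real branch). The script then groups hooks by process and flags any hook whose region lies more than 16 MiB from every region shared by two or more processes. The band size, the "shared by two processes" rule and the sample input are assumptions of this example: all but the last sample line are copied from the log in this thread, and the last one, for a made-up C:\Temp\unknown.exe, is hypothetical and exists only so the outlier path has something to flag. In the log posted in this thread the same set of exports is patched in every listed process and almost every hook lands in the 0x70F8..0x71AF band, which is what a system-wide HIPS or sandbox DLL looks like; the one exception GMER resolves to cmdagent.exe, COMODO's own process. GMER names cmdguard.sys for the kernel SSDT entries but does not name the owner of a user-mode hook, and neither does this script, so a flagged line is a pointer for a human to check against the security products installed, not a verdict.

```python
"""Summarise the 'User code sections' of a saved GMER log (added example)."""
import re
from collections import defaultdict

# One hook line: ".text <proc>[<pid>] <module>!<api>[ + <off>] <addr> <n> Bytes <patch>"
USER_HOOK = re.compile(
    r"^\.text (?P<proc>.+?)\[(?P<pid>\d+)\] "
    r"(?P<module>[^! ]+)!(?P<api>\S+)(?: \+ (?P<off>[0-9A-Fa-f]+))? "
    r"(?P<addr>[0-9A-Fa-f]{8}) (?P<n>\d+) Bytes (?P<patch>.*)$"
)
# "JMP <target>", optionally followed by the module GMER resolved the target to
JMP_TARGET = re.compile(r"\bJMP (?P<target>[0-9A-Fa-f]{8})\b(?: (?P<resolved>.+))?")
PATCH_BYTES = re.compile(r"\[([0-9A-Fa-f]{2}(?:, [0-9A-Fa-f]{2})*)\]")


def parse_user_hooks(log_text):
    """One dict per patched export; '+ N' continuation lines are merged into it."""
    hooks = {}
    for line in log_text.splitlines():
        m = USER_HOOK.match(line.strip())
        if not m:
            continue
        key = (m["proc"], int(m["pid"]), m["module"], m["api"])
        h = hooks.setdefault(key, {
            "proc": m["proc"], "pid": int(m["pid"]), "module": m["module"],
            "api": m["api"], "target": None, "resolved": None, "bytes": {}})
        off = int(m["off"], 16) if m["off"] else 0   # GMER prints offsets in hex
        b = PATCH_BYTES.search(m["patch"])
        if b:
            h["bytes"][off] = [int(x, 16) for x in b.group(1).split(", ")]
        t = JMP_TARGET.search(m["patch"])
        if t:
            h["target"] = int(t["target"], 16)
            h["resolved"] = t["resolved"]
    return list(hooks.values())


def hook_region(h):
    """High 16 bits of the address the hook lands at, or None if unknown.

    'JMP xxxxxxxx' gives the target directly.  A patch beginning FF 25 is
    'jmp dword ptr [addr]'; GMER prints only the bytes that differ from the
    on-disk image, so the pointer is split over the 3-byte line (FF 25 <lo>)
    and the '+ 4' line (<byte2> <byte3>); byte 1 of the pointer is never
    shown, so only its high 16 bits are recoverable from the log.
    """
    if h["target"] is not None:
        return h["target"] >> 16
    head, tail = h["bytes"].get(0, []), h["bytes"].get(4, [])
    if head[:2] == [0xFF, 0x25] and len(tail) == 2:
        return (tail[1] << 8) | tail[0]
    return None


def summarise(hooks):
    """Return (process -> set of 'module!api', region -> set of processes hooked there)."""
    per_proc, per_region = defaultdict(set), defaultdict(set)
    for h in hooks:
        proc = (h["proc"], h["pid"])
        per_proc[proc].add(f'{h["module"]}!{h["api"]}')
        r = hook_region(h)
        if r is not None:
            per_region[r].add(proc)
    return dict(per_proc), dict(per_region)


def outliers(hooks, band=0x100):
    """Hooks landing more than `band` (0x100 regions = 16 MiB) away from every
    region that at least two processes share.  Assumption of this example: a
    HIPS injected system-wide keeps its trampolines in one neighbourhood, so a
    lone hook somewhere else is the one worth a closer look."""
    _, per_region = summarise(hooks)
    shared = [r for r, procs in per_region.items() if len(procs) >= 2]
    return [h for h in hooks
            if hook_region(h) is not None
            and not any(abs(hook_region(h) - s) <= band for s in shared)]


# Constructed sample in GMER 1.0.15 format.  All but the last line are copied
# from the log in this thread; the C:\Temp\unknown.exe line is hypothetical,
# added only so the outlier path has something to flag.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\Explorer.EXE[200] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\Explorer.EXE[200] WS2_32.dll!connect 777340D9 6 Bytes JMP 70FB0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1024] ntdll.dll!NtAllocateVirtualMemory 77564134 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[2068] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Temp\unknown.exe[3000] ntdll.dll!NtCreateFile 775643D4 5 Bytes JMP 00401000
"""

if __name__ == "__main__":
    hooks = parse_user_hooks(SAMPLE_LOG)
    per_proc, _ = summarise(hooks)
    for (proc, pid), apis in sorted(per_proc.items()):
        print(f"{proc}[{pid}]: {', '.join(sorted(apis))}")
    for h in outliers(hooks):
        where = h["resolved"] or "not resolved to a module by GMER"
        print(f"OUTLIER {h['proc']}[{h['pid']}] {h['module']}!{h['api']} "
              f"-> {hook_region(h):04X}xxxx ({where})")
```

Run it against a real gmer.log by replacing SAMPLE_LOG with the file's contents. On the sample it flags two hooks: the cmdagent.exe one, which GMER itself resolves to COMODO's own image and which the printed module name explains away, and the hypothetical unknown.exe one, which jumps to an address GMER could not attribute to any module. That second kind, a lone hook into unbacked memory that no installed security product accounts for, is the line to chase, with a tool that can name the owner of the target pages on the live machine.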

#3 Jourdana

  • Topic Starter
  • Members
  • 2 posts
  • Local time:01:34 AM

Posted 14 June 2010 - 04:15 PM

Hi,

Thanks a lot for your reply. Firefox still crashes regularly. Please find below the logs you requested. Thanks again!


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-15 00:08:47
Windows 6.0.6002 Service Pack 2
Running: pvhwtuwq.exe; Driver: C:\Users\Carla\AppData\Local\Temp\uglcqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0x8D360510]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcConnectPort [0x8D3618D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAlpcCreatePort [0x8D3606FC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0x8D35F832]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0x8D360176]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0x8D35F70E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0x8D35FEF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0x8D361562]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0x8D35F0F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0x8D36115A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0x8D35FACE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0x8D360352]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0x8D35FD7E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0x8D360BEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0x8D360EA2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0x8D361352]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0x8D35FA68]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0x8D35FC6A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0x8D35F50C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0x8D35F2F6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThreadEx [0x8D36080C]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0x8D79AAC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 119 82CCB87C 4 Bytes [10, 05, 36, 8D]
.text ntkrnlpa.exe!KeSetEvent + 13D 82CCB8A0 8 Bytes [D2, 18, 36, 8D, FC, 06, 36, ...]
.text ntkrnlpa.exe!KeSetEvent + 1C1 82CCB924 4 Bytes [32, F8, 35, 8D]
.text ntkrnlpa.exe!KeSetEvent + 1D9 82CCB93C 4 Bytes [76, 01, 36, 8D]
.text ntkrnlpa.exe!KeSetEvent + 205 82CCB968 4 Bytes [0E, F7, 35, 8D]
.text ...
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 82DF628F 5 Bytes JMP 8D796536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 82E4F038 5 Bytes JMP 8D797EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 82EB0892 7 Bytes JMP 8D79AACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\Explorer.EXE[200] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\Explorer.EXE[200] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\Explorer.EXE[200] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\Explorer.EXE[200] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\Explorer.EXE[200] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\Explorer.EXE[200] WS2_32.dll!connect 777340D9 6 Bytes JMP 70FB0F5A
.text C:\Windows\Explorer.EXE[200] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 70FE0F5A
.text C:\Windows\Explorer.EXE[200] WS2_32.dll!listen 77738CD7 6 Bytes JMP 70F80F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1024] ntdll.dll!NtAllocateVirtualMemory 77564134 5 Bytes JMP 004F7CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Secunia\PSI\psi.exe[1268] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] WS2_32.dll!connect 777340D9 6 Bytes JMP 71820F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71850F5A
.text C:\Program Files\Secunia\PSI\psi.exe[1268] WS2_32.dll!listen 77738CD7 6 Bytes JMP 717F0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] WS2_32.dll!connect 777340D9 6 Bytes JMP 71820F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71850F5A
.text C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] WS2_32.dll!listen 77738CD7 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2008] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\system32\Dwm.exe[2008] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\Dwm.exe[2008] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\system32\Dwm.exe[2008] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\Dwm.exe[2008] WS2_32.dll!connect 777340D9 6 Bytes JMP 71850F5A
.text C:\Windows\system32\Dwm.exe[2008] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\Dwm.exe[2008] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[2068] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[2068] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[2068] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2080] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\System32\igfxtray.exe[2080] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\igfxtray.exe[2080] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2108] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\System32\hkcmd.exe[2108] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\hkcmd.exe[2108] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\hkcmd.exe[2108] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\System32\hkcmd.exe[2108] WS2_32.dll!connect 777340D9 6 Bytes JMP 71820F5A
.text C:\Windows\System32\hkcmd.exe[2108] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71850F5A
.text C:\Windows\System32\hkcmd.exe[2108] WS2_32.dll!listen 77738CD7 6 Bytes JMP 717F0F5A
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2124] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\System32\igfxpers.exe[2124] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\System32\igfxpers.exe[2124] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\System32\igfxpers.exe[2124] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtAllocateVirtualMemory 77564134 5 Bytes JMP 006ECF90 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2248] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\system32\taskeng.exe[2248] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\taskeng.exe[2248] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\system32\taskeng.exe[2248] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\taskeng.exe[2248] WS2_32.dll!connect 777340D9 6 Bytes JMP 71820F5A
.text C:\Windows\system32\taskeng.exe[2248] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71850F5A
.text C:\Windows\system32\taskeng.exe[2248] WS2_32.dll!listen 77738CD7 6 Bytes JMP 717F0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\Windows Sidebar\sidebar.exe[2296] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] user32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [87, 71]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [8D, 71]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [8A, 71]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2548] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [90, 71]
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 719D0F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 71A30F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 719A0F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71A00F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71AC0F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!SendInput + 4 76342F79 2 Bytes [A5, 71]
.text C:\Windows\system32\igfxsrvc.exe[2548] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A90F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 71940F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 71970F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] WS2_32.dll!connect 777340D9 6 Bytes JMP 717F0F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71820F5A
.text C:\Windows\system32\igfxsrvc.exe[2548] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71850F5A
.text C:\Program Files\Emsisoft Anti-Malware\a2service.exe[3124] kernel32.dll!CreateThread + 1A 7653C928 4 Bytes CALL 00454DC5 C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!LdrLoadDll 77529390 5 Bytes JMP 003C13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtCreateFile 775643D4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtCreateFile + 4 775643D8 2 Bytes [7E, 71] {JLE 0x73}
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtDeleteValueKey 775647F4 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtDeleteValueKey + 4 775647F8 2 Bytes [84, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtOpenProcess 77564C34 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtOpenProcess + 4 77564C38 2 Bytes [81, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtSetValueKey 77565454 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ntdll.dll!NtSetValueKey + 4 77565458 2 Bytes [87, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ADVAPI32.dll!CreateServiceW 75F79EB4 6 Bytes JMP 718B0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] ADVAPI32.dll!CreateServiceA 75FB72A1 6 Bytes JMP 718E0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] WS2_32.dll!connect 777340D9 6 Bytes JMP 71AF0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] WS2_32.dll!WSALookupServiceBeginW 77734E93 6 Bytes JMP 71A60F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] WS2_32.dll!listen 77738CD7 6 Bytes JMP 71A90F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!PostMessageA 7631F8F8 6 Bytes JMP 71940F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!SendMessageA 7631F956 6 Bytes JMP 719A0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!PostMessageW 7632A175 6 Bytes JMP 71910F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!SendMessageW 76330AED 6 Bytes JMP 71970F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!mouse_event 7634044E 6 Bytes JMP 71A30F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!SendInput 76342F75 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!SendInput + 4 76342F79 2 Bytes [9C, 71]
.text C:\Program Files\Mozilla Firefox\firefox.exe[5072] USER32.dll!keybd_event 7636D972 6 Bytes JMP 71A00F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 007B0000
IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003E0000
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002
IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000
IAT C:\Program Files\Secunia\PSI\psi.exe[1268] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003E0000
IAT C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe[1324] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002B0000
IAT C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00380000
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[1592] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00650000
IAT C:\Windows\system32\Dwm.exe[2008] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001D0000
IAT C:\Windows\system32\taskeng.exe[2068] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001E0000
IAT C:\Windows\System32\igfxtray.exe[2080] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003B0000
IAT C:\Windows\System32\hkcmd.exe[2108] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000
IAT C:\Windows\System32\igfxpers.exe[2124] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003C0000
IAT C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe[2148] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 002D0000
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[2168] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00C20000
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01E00000
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!RegisterClassA] [0053DDD0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [0053D8A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AdjustWindowRectEx] [0053E210] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!CallWindowProcW] [0053D760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetScrollInfo] [0053D6F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SystemParametersInfoW] [0053E0D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawEdge] [0053E3C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DrawFrameControl] [0053E410] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [0053D4F0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!FillRect] [0053E340] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\SHELL32.dll [USER32.dll!SetScrollInfo] [0053D5E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [GDI32.dll!DeleteObject] [0053D4A0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [0053E650] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!SystemParametersInfoW] [0053E0D0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSystemMetrics] [0053DF50] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!GetSysColor] [0053D440] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!CallWindowProcW] [0053D760] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!RegisterClassW] [0053DE90] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\ole32.dll [USER32.dll!DefWindowProcW] [0053D930] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [0053E6E0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA] [0053E730] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateThread] [0053DD40] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [0053E610] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
IAT C:\Program Files\TP-LINK\TL-WN313G_353G_353GD\RtWLan.exe[2236] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01B80000
IAT C:\Windows\system32\taskeng.exe[2248] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001E0000
IAT C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe[2256] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01980000
IAT C:\Program Files\Alwil Software\Avast5\AvastUI.exe[2272] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01E80000
IAT C:\Program Files\Common Files\Java\Java Update\jusched.exe[2284] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003E0000
IAT C:\Program Files\Windows Sidebar\sidebar.exe[2296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 000F0000
IAT C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe[2304] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 01CE0000
IAT C:\Windows\system32\igfxsrvc.exe[2548] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 001A0000
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[3124] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454F1C] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[3124] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!QueueUserWorkItem] [00454F1C] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[5072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00380000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_1033&DEV_0035&REV_01@ClassGUID {36FC9E60-C465-11CF-8056-444553540000}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC1B@ClassGUID {4d36e977-e325-11ce-bfc1-08002be10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC1B@Service pci
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC1B@UpperFilters pcmcia?
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC47@ClassGUID {4d36e977-e325-11ce-bfc1-08002be10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC47@Service pci
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_104C&DEV_AC47@UpperFilters pcmcia?
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_1080&DEV_C693&CC_0C0310@ClassGUID {36FC9E60-C465-11CF-8056-444553540000}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_1080&DEV_C693&CC_0C0310@Service usbohci
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_F098&SUBSYS_F09810DF@ClassGUID {4D36E97B-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_F098&SUBSYS_F09810DF@Service elxstor
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_FE12&SUBSYS_FE1210DF@ClassGUID {4D36E97B-E325-11CE-BFC1-08002BE10318}
Reg HKLM\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\PCI#VEN_10DF&DEV_FE12&SUBSYS_FE1210DF@Service elxstor

---- EOF - GMER 1.0.15 ----


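The IAT section of the GMER log above is long enough that the first thing a responder wants is a split between hooks GMER could attribute to a loaded image (here the COMODO and Emsisoft self-hooks, which carry an owner path and description) and hooks where it printed only a bare address and no owner. The script below is an added example for this thread, not part of the original post and not a GMER component. It assumes only the two line shapes visible in the log; an unattributed hook is a lead to verify by hand, not a verdict, since HIPS and antivirus products plant user-mode hooks as well.

```python
"""Triage helper for GMER "IAT" hook lines.

Added example for this thread (not from the original post, not GMER code).
GMER prints one line per patched import-table slot.  When it can map the
hook target to a loaded image it appends the owner path and a description;
when it cannot, only the bare address is printed.  This helper separates the
two and lists, per process, which imports now point somewhere unattributed.
"""
import re

# Two line shapes occur in the log (assumption: no other variants):
#   IAT <proc>[<pid>] @ <module> [<dll>!<func>] <addr>
#   IAT <proc>[<pid>] @ <module> [<dll>!<func>] [<addr>] <owner> (<description>)
IAT_RE = re.compile(
    r"^IAT (?P<proc>.+?)\[(?P<pid>\d+)\] @ (?P<module>.+?) "
    r"\[(?P<dll>[^!\]]+)!(?P<func>[^\]]+)\] "
    r"(?:\[(?P<addr_owned>[0-9A-Fa-f]+)\] (?P<owner>.+?) \((?P<desc>[^)]*)\)"
    r"|(?P<addr_anon>[0-9A-Fa-f]+))\s*$"
)

# Sample input: seven lines copied from the GMER output above.
SAMPLE_LINES = [
    r"IAT C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe[588] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 003E0000",
    r"IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00130002",
    r"IAT C:\Windows\system32\services.exe[668] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 00130000",
    r"IAT C:\Users\Carla\Downloads\pvhwtuwq.exe[1508] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00380000",
    r"IAT C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2200] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [0053E7C0] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)",
    r"IAT C:\Program Files\Emsisoft Anti-Malware\a2service.exe[3124] @ C:\Windows\system32\shell32.dll [KERNEL32.dll!QueueUserWorkItem] [00454F1C] C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft Anti-Malware Service/Emsi Software GmbH)",
    r"IAT C:\Program Files\Mozilla Firefox\firefox.exe[5072] @ C:\Windows\system32\kernel32.dll [ntdll.dll!LdrLoadDll] 00380000",
]


def parse_iat_line(line):
    """Return a dict for one IAT line, or None if the line is not an IAT entry."""
    m = IAT_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return {
        "process": g["proc"],
        "pid": int(g["pid"]),
        "module": g["module"],                 # image whose import table was patched
        "target": f"{g['dll']}!{g['func']}",   # the import that now points elsewhere
        "address": int(g["addr_owned"] or g["addr_anon"], 16),
        "owner": g["owner"],                   # None: GMER named no image at that address
        "description": g["desc"],
    }


def summarize(lines):
    """Split hooks into attributed and unattributed; group the latter per process."""
    hooks = [h for h in map(parse_iat_line, lines) if h is not None]
    unattributed = [h for h in hooks if h["owner"] is None]
    per_process = {}
    for h in unattributed:
        key = f"{h['process']}[{h['pid']}]"
        per_process.setdefault(key, []).append(h["target"])
    owners = sorted({h["owner"] for h in hooks if h["owner"] is not None})
    return {
        "total": len(hooks),
        "attributed": len(hooks) - len(unattributed),
        "unattributed": per_process,
        "owners": owners,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LINES)
    print(f"{report['total']} IAT hooks, {report['attributed']} attributed to:")
    for owner in report["owners"]:
        print("   ", owner)
    print("unattributed hooks (verify by hand):")
    for proc, targets in report["unattributed"].items():
        print(f"    {proc}: {', '.join(targets)}")
```

Feed it the whole IAT section (for example by reading the saved GMER log and passing every line) and the report shrinks the listing to the few processes and imports that still need an explanation; the attributed owners are the security products' own hooks and can be checked against what is installed.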
#4 schrauber

schrauber

    Mr.Mechanic


  • Malware Response Team
  • 24,794 posts
  • Gender:Male
  • Location:Munich,Germany
  • Local time:07:34 AM

Posted 15 June 2010 - 03:12 PM

Hello, Jourdana
Welcome to the Bleeping Computer Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.

If you do not make a reply in 4-5 days, we will have to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.

Please go here and have a look at how you can disable your security software.

Download Combofix from any of the links below but rename it to before saving it to your desktop.

Link 1
Link 2

--------------------------------------------------------------------

Double click on the renamed Combofix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
regards,
schrauber


If I've not posted back within 48 hrs., feel free to send a PM with your topic link. Thank you!

If I have helped you then please consider donating to continue the fight against malware.

#5 schrauber

Posted 19 June 2010 - 04:35 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber

#6 schrauber

Posted 02 July 2010 - 07:59 AM

Reopened by user request.
regards,
schrauber

#7 schrauber

Posted 06 July 2010 - 02:37 PM

Still with me?
regards,
schrauber

#8 schrauber

Posted 10 July 2010 - 05:31 AM

Due to the lack of feedback, this topic is now closed.
If you need this topic reopened, please PM a staff member and we will reopen it for you (include the address of this thread in your request). This applies to the original topic starter only. Everyone else with similar problems, please start a new topic.
regards,
schrauber