Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Possible infected with au_.exe


  • Please log in to reply
25 replies to this topic

#1 copycat

copycat

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 20 July 2012 - 11:10 AM

This is a Windows XP SP3 desktop fully updated using windows update.

Recently I noticed that yahoo toolbar was in the list of programs in the install/uninstall menu. And when I try to uninstall it, the windows task manager windows shows the program au_.exe running and using a lot of the resources. Yahoo toolbar never uninstalls and au_.exe keeps running forever until I end the process with Task manager.

I ran a malwarebytes and avira antivirus scans and both found several infections, after fixing the issues and restarting the system, both do not show any more infections, however the yahoo toolbar and au_.exe issue are still there.

Am I still infected?
If someone could guide me please... Thanks!!

BC AdBot (Login to Remove)

 


#2 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 20 July 2012 - 07:45 PM

Hello,

I will be helping you with your problems. Please be patient while I assist you.

Some points for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do NOT run, install or uninstall any programs, unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

----------------------------------------------

Please do the following:

Step 1

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe on your desktop to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click on change parameters
  • Check the boxes next to Verify file digital signatures and Detect TDLFS file system, then click OK.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do NOT choose Delete or Quarantine unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Step 2

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Step 4

Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
  • List Restore points
NOTE: When using "Reset FF Proxy Settings" option Firefox should be closed.

Click Go and post the full contents of the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#3 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 20 July 2012 - 09:11 PM

Step 1.......................................................................

20:22:35.0780 5904 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
20:22:37.0780 5904 ============================================================
20:22:37.0780 5904 Current date / time: 2012/07/20 20:22:37.0780
20:22:37.0780 5904 SystemInfo:
20:22:37.0780 5904
20:22:37.0780 5904 OS Version: 5.1.2600 ServicePack: 3.0
20:22:37.0780 5904 Product type: Workstation
20:22:37.0780 5904 ComputerName: CHOMPUXP
20:22:37.0780 5904 UserName: Torreon
20:22:37.0780 5904 Windows directory: C:\WINDOWS
20:22:37.0780 5904 System windows directory: C:\WINDOWS
20:22:37.0780 5904 Processor architecture: Intel x86
20:22:37.0780 5904 Number of processors: 1
20:22:37.0780 5904 Page size: 0x1000
20:22:37.0780 5904 Boot type: Normal boot
20:22:37.0780 5904 ============================================================
20:22:38.0967 5904 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
20:22:38.0983 5904 ============================================================
20:22:38.0983 5904 \Device\Harddisk0\DR0:
20:22:38.0983 5904 MBR partitions:
20:22:38.0983 5904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xFFFAC05
20:22:38.0983 5904 ============================================================
20:22:38.0998 5904 C: <-> \Device\Harddisk0\DR0\Partition0
20:22:38.0998 5904 ============================================================
20:22:38.0998 5904 Initialize success
20:22:38.0998 5904 ============================================================
20:22:51.0967 6132 ============================================================
20:22:51.0967 6132 Scan started
20:22:51.0967 6132 Mode: Manual; SigCheck; TDLFS;
20:22:51.0967 6132 ============================================================
20:22:52.0326 6132 433b09ba - ok
20:22:52.0342 6132 Abiosdsk - ok
20:22:52.0342 6132 abp480n5 - ok
20:22:52.0420 6132 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
20:22:52.0826 6132 ACPI - ok
20:22:52.0858 6132 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
20:22:52.0998 6132 ACPIEC - ok
20:22:53.0076 6132 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
20:22:53.0108 6132 AdobeFlashPlayerUpdateSvc - ok
20:22:53.0108 6132 adpu160m - ok
20:22:53.0170 6132 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
20:22:53.0326 6132 aec - ok
20:22:53.0373 6132 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
20:22:53.0436 6132 AFD - ok
20:22:53.0436 6132 Aha154x - ok
20:22:53.0451 6132 aic78u2 - ok
20:22:53.0451 6132 aic78xx - ok
20:22:53.0498 6132 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
20:22:53.0639 6132 Alerter - ok
20:22:53.0670 6132 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
20:22:53.0764 6132 ALG - ok
20:22:53.0764 6132 AliIde - ok
20:22:53.0795 6132 amsint - ok
20:22:53.0920 6132 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files\Avira\AntiVir Desktop\sched.exe
20:22:53.0936 6132 AntiVirSchedulerService - ok
20:22:53.0998 6132 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
20:22:54.0014 6132 AntiVirService - ok
20:22:54.0045 6132 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
20:22:54.0186 6132 AppMgmt - ok
20:22:54.0186 6132 asc - ok
20:22:54.0201 6132 asc3350p - ok
20:22:54.0217 6132 asc3550 - ok
20:22:54.0326 6132 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
20:22:54.0358 6132 aspnet_state - ok
20:22:54.0389 6132 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
20:22:54.0576 6132 AsyncMac - ok
20:22:54.0623 6132 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
20:22:54.0795 6132 atapi - ok
20:22:54.0811 6132 Atdisk - ok
20:22:54.0842 6132 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
20:22:55.0030 6132 Atmarpc - ok
20:22:55.0092 6132 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
20:22:55.0264 6132 AudioSrv - ok
20:22:55.0295 6132 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
20:22:55.0420 6132 audstub - ok
20:22:55.0467 6132 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
20:22:55.0483 6132 avgio - ok
20:22:55.0498 6132 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
20:22:55.0561 6132 avgntflt - ok
20:22:55.0592 6132 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
20:22:55.0608 6132 avipbb - ok
20:22:55.0655 6132 Bcim (8e8dc22528e88c5fa1af22a69a8cf1be) C:\WINDOWS\system32\DRIVERS\bcim.sys
20:22:55.0717 6132 Bcim ( UnsignedFile.Multi.Generic ) - warning
20:22:55.0717 6132 Bcim - detected UnsignedFile.Multi.Generic (1)
20:22:55.0811 6132 bcserver (4338c90e69f4f04250b7434b7e528eef) C:\Program Files\Traffic Shaper XP Server\bcserver.service
20:22:55.0842 6132 bcserver ( UnsignedFile.Multi.Generic ) - warning
20:22:55.0842 6132 bcserver - detected UnsignedFile.Multi.Generic (1)
20:22:55.0873 6132 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
20:22:56.0045 6132 Beep - ok
20:22:56.0076 6132 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
20:22:56.0295 6132 BITS - ok
20:22:56.0342 6132 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
20:22:56.0514 6132 Browser - ok
20:22:56.0545 6132 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
20:22:56.0717 6132 cbidf2k - ok
20:22:56.0764 6132 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
20:22:56.0936 6132 CCDECODE - ok
20:22:56.0936 6132 cd20xrnt - ok
20:22:56.0983 6132 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
20:22:57.0123 6132 Cdaudio - ok
20:22:57.0170 6132 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
20:22:57.0342 6132 Cdfs - ok
20:22:57.0358 6132 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
20:22:57.0576 6132 Cdrom - ok
20:22:57.0592 6132 Changer - ok
20:22:57.0608 6132 cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
20:22:57.0795 6132 cisvc - ok
20:22:57.0811 6132 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
20:22:57.0998 6132 ClipSrv - ok
20:22:58.0139 6132 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:22:58.0155 6132 clr_optimization_v2.0.50727_32 - ok
20:22:58.0248 6132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:22:58.0264 6132 clr_optimization_v4.0.30319_32 - ok
20:22:58.0467 6132 cmdAgent (907324001ae25ac5959c91eaa34cabae) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
20:22:58.0545 6132 cmdAgent - ok
20:22:58.0733 6132 cmdGuard (bee235831f8e3f0baaca18b39d285cf5) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
20:22:58.0764 6132 cmdGuard - ok
20:22:58.0764 6132 cmdHlp (de548946f36cab62fec2e6aa0149a619) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
20:22:58.0780 6132 cmdHlp - ok
20:22:58.0795 6132 CmdIde - ok
20:22:58.0811 6132 COMSysApp - ok
20:22:58.0826 6132 Cpqarray - ok
20:22:58.0920 6132 cpudrv (d01f685f8b4598d144b0cce9ff95d8d5) C:\Program Files\SystemRequirementsLab\cpudrv.sys
20:22:58.0936 6132 cpudrv - ok
20:22:58.0967 6132 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
20:22:59.0170 6132 CryptSvc - ok
20:22:59.0170 6132 dac2w2k - ok
20:22:59.0186 6132 dac960nt - ok
20:22:59.0233 6132 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:22:59.0326 6132 DcomLaunch - ok
20:22:59.0373 6132 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
20:22:59.0545 6132 Dhcp - ok
20:22:59.0561 6132 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
20:22:59.0717 6132 Disk - ok
20:22:59.0733 6132 dmadmin - ok
20:22:59.0842 6132 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
20:23:00.0014 6132 dmboot - ok
20:23:00.0030 6132 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
20:23:00.0170 6132 dmio - ok
20:23:00.0201 6132 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
20:23:00.0358 6132 dmload - ok
20:23:00.0373 6132 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
20:23:00.0545 6132 dmserver - ok
20:23:00.0561 6132 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
20:23:00.0733 6132 DMusic - ok
20:23:00.0780 6132 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
20:23:00.0811 6132 Dnscache - ok
20:23:00.0858 6132 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
20:23:00.0998 6132 Dot3svc - ok
20:23:01.0030 6132 dpti2o - ok
20:23:01.0045 6132 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
20:23:01.0233 6132 drmkaud - ok
20:23:01.0280 6132 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
20:23:01.0420 6132 EapHost - ok
20:23:01.0436 6132 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
20:23:01.0592 6132 ERSvc - ok
20:23:01.0623 6132 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:23:01.0655 6132 Eventlog - ok
20:23:01.0717 6132 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
20:23:01.0764 6132 EventSystem - ok
20:23:01.0811 6132 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
20:23:01.0936 6132 Fastfat - ok
20:23:01.0983 6132 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:23:02.0030 6132 FastUserSwitchingCompatibility - ok
20:23:02.0061 6132 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
20:23:02.0264 6132 Fdc - ok
20:23:02.0280 6132 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
20:23:02.0420 6132 Fips - ok
20:23:02.0561 6132 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
20:23:02.0592 6132 FLEXnet Licensing Service - ok
20:23:02.0623 6132 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
20:23:02.0780 6132 Flpydisk - ok
20:23:02.0826 6132 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
20:23:02.0967 6132 FltMgr - ok
20:23:03.0061 6132 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
20:23:03.0076 6132 FontCache3.0.0.0 - ok
20:23:03.0108 6132 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
20:23:03.0139 6132 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - warning
20:23:03.0139 6132 FsUsbExDisk - detected UnsignedFile.Multi.Generic (1)
20:23:03.0170 6132 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
20:23:03.0311 6132 Fs_Rec - ok
20:23:03.0358 6132 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
20:23:03.0576 6132 Ftdisk - ok
20:23:03.0608 6132 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
20:23:03.0748 6132 Gpc - ok
20:23:03.0826 6132 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:23:03.0842 6132 gupdate - ok
20:23:03.0858 6132 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
20:23:03.0873 6132 gupdatem - ok
20:23:03.0920 6132 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
20:23:04.0076 6132 HDAudBus - ok
20:23:04.0108 6132 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
20:23:04.0295 6132 helpsvc - ok
20:23:04.0342 6132 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
20:23:04.0467 6132 HidServ - ok
20:23:04.0498 6132 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
20:23:04.0701 6132 hidusb - ok
20:23:04.0733 6132 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
20:23:04.0889 6132 hkmsvc - ok
20:23:04.0905 6132 hpn - ok
20:23:04.0920 6132 hpt3xx - ok
20:23:04.0951 6132 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
20:23:04.0998 6132 HPZid412 - ok
20:23:05.0030 6132 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
20:23:05.0076 6132 HPZipr12 - ok
20:23:05.0108 6132 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
20:23:05.0139 6132 HPZius12 - ok
20:23:05.0186 6132 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
20:23:05.0233 6132 HTTP - ok
20:23:05.0264 6132 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
20:23:05.0451 6132 HTTPFilter - ok
20:23:05.0451 6132 i2omgmt - ok
20:23:05.0467 6132 i2omp - ok
20:23:05.0498 6132 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
20:23:05.0655 6132 i8042prt - ok
20:23:05.0764 6132 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
20:23:05.0826 6132 idsvc - ok
20:23:05.0858 6132 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
20:23:06.0030 6132 Imapi - ok
20:23:06.0061 6132 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
20:23:06.0217 6132 ImapiService - ok
20:23:06.0233 6132 ini910u - ok
20:23:06.0280 6132 Inspect (f89849cf13805ef49da64a8a63193af7) C:\WINDOWS\system32\DRIVERS\inspect.sys
20:23:06.0311 6132 Inspect - ok
20:23:06.0608 6132 IntcAzAudAddService (14b48553be78472d2bd3a518658a1710) C:\WINDOWS\system32\drivers\RtkHDAud.sys
20:23:06.0795 6132 IntcAzAudAddService - ok
20:23:06.0936 6132 IntelIde - ok
20:23:06.0967 6132 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
20:23:07.0155 6132 intelppm - ok
20:23:07.0170 6132 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
20:23:07.0373 6132 ip6fw - ok
20:23:07.0405 6132 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
20:23:07.0576 6132 IpFilterDriver - ok
20:23:07.0592 6132 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
20:23:07.0733 6132 IpInIp - ok
20:23:07.0780 6132 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
20:23:07.0951 6132 IpNat - ok
20:23:07.0967 6132 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
20:23:08.0139 6132 IPSec - ok
20:23:08.0170 6132 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
20:23:08.0248 6132 IRENUM - ok
20:23:08.0280 6132 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
20:23:08.0498 6132 isapnp - ok
20:23:08.0576 6132 IviRegMgr (213822072085b5bbad9af30ab577d817) C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
20:23:08.0592 6132 IviRegMgr - ok
20:23:08.0670 6132 JavaQuickStarterService (5472d771c0197355c1d347f20392b982) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
20:23:08.0686 6132 JavaQuickStarterService - ok
20:23:08.0733 6132 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
20:23:08.0873 6132 Kbdclass - ok
20:23:08.0920 6132 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
20:23:09.0076 6132 kbdhid - ok
20:23:09.0123 6132 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
20:23:09.0264 6132 kmixer - ok
20:23:09.0295 6132 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
20:23:09.0326 6132 KSecDD - ok
20:23:09.0373 6132 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
20:23:09.0420 6132 lanmanserver - ok
20:23:09.0467 6132 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
20:23:09.0545 6132 lanmanworkstation - ok
20:23:09.0561 6132 lbrtfdc - ok
20:23:09.0608 6132 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
20:23:09.0795 6132 LmHosts - ok
20:23:09.0811 6132 LMIInfo - ok
20:23:09.0842 6132 lmimirr (4477689e2d8ae6b78ba34c9af4cc1ed1) C:\WINDOWS\system32\DRIVERS\lmimirr.sys
20:23:09.0858 6132 lmimirr - ok
20:23:09.0858 6132 LMIRfsClientNP - ok
20:23:09.0873 6132 LMIRfsDriver (3faa563ddf853320f90259d455a01d79) C:\WINDOWS\system32\drivers\LMIRfsDriver.sys
20:23:09.0889 6132 LMIRfsDriver - ok
20:23:09.0920 6132 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
20:23:09.0936 6132 LVPr2Mon - ok
20:23:09.0998 6132 LVPrcSrv (0ddfdcaa92c7f553328db06ba599bea9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:23:10.0014 6132 LVPrcSrv - ok
20:23:10.0061 6132 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
20:23:10.0076 6132 LVRS - ok
20:23:10.0123 6132 mcdbus (8fd868e32459ece2a1bb0169f513d31e) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
20:23:10.0139 6132 mcdbus ( UnsignedFile.Multi.Generic ) - warning
20:23:10.0139 6132 mcdbus - detected UnsignedFile.Multi.Generic (1)
20:23:10.0170 6132 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
20:23:10.0358 6132 Messenger - ok
20:23:10.0389 6132 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
20:23:10.0545 6132 mnmdd - ok
20:23:10.0576 6132 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
20:23:10.0764 6132 mnmsrvc - ok
20:23:10.0795 6132 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
20:23:10.0951 6132 Modem - ok
20:23:10.0967 6132 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
20:23:11.0108 6132 Mouclass - ok
20:23:11.0155 6132 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
20:23:11.0295 6132 mouhid - ok
20:23:11.0326 6132 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
20:23:11.0498 6132 MountMgr - ok
20:23:11.0530 6132 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
20:23:11.0717 6132 MPE - ok
20:23:11.0733 6132 mraid35x - ok
20:23:11.0748 6132 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
20:23:11.0951 6132 MRxDAV - ok
20:23:11.0998 6132 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
20:23:12.0045 6132 MRxSmb - ok
20:23:12.0092 6132 MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
20:23:12.0248 6132 MSDTC - ok
20:23:12.0280 6132 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
20:23:12.0420 6132 Msfs - ok
20:23:12.0451 6132 MSHUSBVideo (5119ffc2a6b51089cdb0efdc75808c97) C:\WINDOWS\system32\Drivers\nx6000.sys
20:23:12.0467 6132 MSHUSBVideo - ok
20:23:12.0483 6132 MSIServer - ok
20:23:12.0545 6132 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
20:23:12.0686 6132 MSKSSRV - ok
20:23:12.0748 6132 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
20:23:12.0905 6132 MSPCLOCK - ok
20:23:12.0951 6132 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
20:23:13.0076 6132 MSPQM - ok
20:23:13.0108 6132 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
20:23:13.0311 6132 mssmbios - ok
20:23:13.0342 6132 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
20:23:13.0498 6132 MSTEE - ok
20:23:13.0530 6132 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
20:23:13.0561 6132 Mup - ok
20:23:13.0608 6132 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
20:23:13.0764 6132 NABTSFEC - ok
20:23:13.0811 6132 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
20:23:13.0998 6132 napagent - ok
20:23:14.0045 6132 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
20:23:14.0201 6132 NDIS - ok
20:23:14.0217 6132 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
20:23:14.0436 6132 NdisIP - ok
20:23:14.0483 6132 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
20:23:14.0498 6132 NdisTapi - ok
20:23:14.0514 6132 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
20:23:14.0670 6132 Ndisuio - ok
20:23:14.0701 6132 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
20:23:14.0842 6132 NdisWan - ok
20:23:14.0873 6132 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
20:23:14.0889 6132 NDProxy - ok
20:23:14.0936 6132 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\WINDOWS\System32\HPZinw12.dll
20:23:14.0951 6132 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:14.0951 6132 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:14.0967 6132 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
20:23:15.0139 6132 NetBIOS - ok
20:23:15.0170 6132 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
20:23:15.0295 6132 NetBT - ok
20:23:15.0342 6132 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:23:15.0498 6132 NetDDE - ok
20:23:15.0514 6132 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
20:23:15.0701 6132 NetDDEdsdm - ok
20:23:15.0733 6132 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:23:15.0889 6132 Netlogon - ok
20:23:15.0920 6132 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
20:23:16.0092 6132 Netman - ok
20:23:16.0201 6132 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
20:23:16.0233 6132 NetTcpPortSharing - ok
20:23:16.0295 6132 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
20:23:16.0342 6132 Nla - ok
20:23:16.0451 6132 NMIndexingService (1bef5464c06f4af0c704378824c52adb) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
20:23:16.0483 6132 NMIndexingService - ok
20:23:16.0514 6132 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
20:23:16.0655 6132 Npfs - ok
20:23:16.0701 6132 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
20:23:16.0889 6132 Ntfs - ok
20:23:16.0889 6132 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:23:17.0045 6132 NtLmSsp - ok
20:23:17.0092 6132 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
20:23:17.0264 6132 NtmsSvc - ok
20:23:17.0295 6132 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
20:23:17.0420 6132 Null - ok
20:23:18.0092 6132 nv (8b2c874897ea498da012284e12f9db2b) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
20:23:18.0451 6132 nv - ok
20:23:18.0576 6132 NVSvc (32f7dec3729b3bae66eebcab7b03b18f) C:\WINDOWS\system32\nvsvc32.exe
20:23:18.0592 6132 NVSvc - ok
20:23:18.0811 6132 nvUpdatusService (2cc4e45b0eb4c48392cec9c83b5b8e3b) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
20:23:18.0936 6132 nvUpdatusService - ok
20:23:19.0045 6132 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
20:23:19.0264 6132 NwlnkFlt - ok
20:23:19.0280 6132 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
20:23:19.0436 6132 NwlnkFwd - ok
20:23:19.0561 6132 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:23:19.0592 6132 odserv - ok
20:23:19.0623 6132 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:23:19.0655 6132 ose - ok
20:23:19.0733 6132 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
20:23:19.0889 6132 Parport - ok
20:23:19.0920 6132 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
20:23:20.0076 6132 PartMgr - ok
20:23:20.0108 6132 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
20:23:20.0264 6132 ParVdm - ok
20:23:20.0311 6132 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
20:23:20.0498 6132 PCI - ok
20:23:20.0498 6132 PCIDump - ok
20:23:20.0514 6132 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
20:23:20.0655 6132 PCIIde - ok
20:23:20.0670 6132 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
20:23:20.0826 6132 Pcmcia - ok
20:23:20.0858 6132 pctvnet (84dcaa9bc5950f53905a032d99474236) C:\WINDOWS\system32\DRIVERS\pctvnet.sys
20:23:20.0873 6132 pctvnet ( UnsignedFile.Multi.Generic ) - warning
20:23:20.0873 6132 pctvnet - detected UnsignedFile.Multi.Generic (1)
20:23:20.0873 6132 PDCOMP - ok
20:23:20.0889 6132 PDFRAME - ok
20:23:20.0905 6132 PDRELI - ok
20:23:20.0905 6132 PDRFRAME - ok
20:23:20.0951 6132 pepifilter (b20f958b207e6aaac5f70d04dd2c30d8) C:\WINDOWS\system32\DRIVERS\lv302af.sys
20:23:20.0967 6132 pepifilter - ok
20:23:20.0983 6132 perc2 - ok
20:23:20.0998 6132 perc2hib - ok
20:23:21.0217 6132 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\WINDOWS\system32\DRIVERS\LV302V32.SYS
20:23:21.0326 6132 PID_PEPI - ok
20:23:21.0483 6132 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
20:23:21.0530 6132 PlugPlay - ok
20:23:21.0576 6132 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\WINDOWS\System32\HPZipm12.dll
20:23:21.0592 6132 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
20:23:21.0592 6132 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
20:23:21.0623 6132 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
20:23:21.0764 6132 PolicyAgent - ok
20:23:21.0795 6132 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
20:23:21.0967 6132 PptpMiniport - ok
20:23:21.0998 6132 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
20:23:22.0170 6132 Processor - ok
20:23:22.0186 6132 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:23:22.0311 6132 ProtectedStorage - ok
20:23:22.0342 6132 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
20:23:22.0483 6132 PSched - ok
20:23:22.0514 6132 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
20:23:22.0639 6132 Ptilink - ok
20:23:22.0655 6132 ql1080 - ok
20:23:22.0655 6132 Ql10wnt - ok
20:23:22.0670 6132 ql12160 - ok
20:23:22.0670 6132 ql1240 - ok
20:23:22.0717 6132 ql1280 - ok
20:23:22.0748 6132 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
20:23:22.0889 6132 RasAcd - ok
20:23:22.0920 6132 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
20:23:23.0076 6132 RasAuto - ok
20:23:23.0092 6132 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
20:23:23.0248 6132 Rasl2tp - ok
20:23:23.0295 6132 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
20:23:23.0467 6132 RasMan - ok
20:23:23.0483 6132 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
20:23:23.0655 6132 RasPppoe - ok
20:23:23.0670 6132 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
20:23:23.0811 6132 Raspti - ok
20:23:23.0873 6132 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
20:23:24.0045 6132 Rdbss - ok
20:23:24.0045 6132 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
20:23:24.0186 6132 RDPCDD - ok
20:23:24.0217 6132 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
20:23:24.0358 6132 rdpdr - ok
20:23:24.0405 6132 RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
20:23:24.0436 6132 RDPWD - ok
20:23:24.0483 6132 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
20:23:24.0623 6132 RDSessMgr - ok
20:23:24.0639 6132 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
20:23:24.0811 6132 redbook - ok
20:23:24.0842 6132 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
20:23:24.0998 6132 RemoteAccess - ok
20:23:25.0014 6132 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
20:23:25.0186 6132 RemoteRegistry - ok
20:23:25.0186 6132 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
20:23:25.0326 6132 RpcLocator - ok
20:23:25.0389 6132 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
20:23:25.0420 6132 RpcSs - ok
20:23:25.0436 6132 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
20:23:25.0561 6132 RSVP - ok
20:23:25.0623 6132 RT61 (57f390bf7af0f68bb804387cbc3a4f0d) C:\WINDOWS\system32\DRIVERS\RT61.sys
20:23:25.0655 6132 RT61 - ok
20:23:25.0701 6132 RTL8023xp (6164f7cff5bd381fda94badc417832c6) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
20:23:25.0733 6132 RTL8023xp - ok
20:23:25.0764 6132 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
20:23:25.0920 6132 rtl8139 - ok
20:23:25.0951 6132 RTLE8023xp (79b4fe884c18dd82d5449f6b6026d092) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
20:23:26.0014 6132 RTLE8023xp - ok
20:23:26.0045 6132 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
20:23:26.0186 6132 SamSs - ok
20:23:26.0217 6132 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
20:23:26.0405 6132 SCardSvr - ok
20:23:26.0436 6132 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
20:23:26.0576 6132 Schedule - ok
20:23:26.0733 6132 SDScannerService (43d29ecb8137eeae30b0970bbc7a5500) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
20:23:26.0780 6132 SDScannerService - ok
20:23:26.0905 6132 SDUpdateService (6b859b122e85c2c833e6d8c5dc4b07f3) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:23:26.0967 6132 SDUpdateService - ok
20:23:27.0092 6132 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
20:23:27.0186 6132 Secdrv - ok
20:23:27.0233 6132 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
20:23:27.0389 6132 seclogon - ok
20:23:27.0436 6132 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
20:23:27.0623 6132 SENS - ok
20:23:27.0670 6132 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
20:23:27.0826 6132 Serial - ok
20:23:27.0889 6132 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
20:23:28.0045 6132 Sfloppy - ok
20:23:28.0092 6132 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
20:23:28.0248 6132 SharedAccess - ok
20:23:28.0280 6132 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:23:28.0311 6132 ShellHWDetection - ok
20:23:28.0326 6132 Simbad - ok
20:23:28.0358 6132 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
20:23:28.0530 6132 SLIP - ok
20:23:28.0561 6132 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
20:23:28.0764 6132 SONYPVU1 - ok
20:23:28.0764 6132 Sparrow - ok
20:23:28.0811 6132 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
20:23:28.0967 6132 splitter - ok
20:23:29.0014 6132 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
20:23:29.0030 6132 Spooler - ok
20:23:29.0076 6132 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
20:23:29.0170 6132 sr - ok
20:23:29.0201 6132 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
20:23:29.0311 6132 srservice - ok
20:23:29.0358 6132 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
20:23:29.0389 6132 Srv - ok
20:23:29.0436 6132 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
20:23:29.0498 6132 SSDPSRV - ok
20:23:29.0530 6132 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
20:23:29.0545 6132 ssmdrv - ok
20:23:29.0576 6132 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
20:23:29.0717 6132 StillCam - ok
20:23:29.0780 6132 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
20:23:29.0936 6132 stisvc - ok
20:23:29.0967 6132 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
20:23:30.0123 6132 streamip - ok
20:23:30.0170 6132 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
20:23:30.0326 6132 swenum - ok
20:23:30.0373 6132 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
20:23:30.0530 6132 swmidi - ok
20:23:30.0530 6132 SwPrv - ok
20:23:30.0545 6132 symc810 - ok
20:23:30.0561 6132 symc8xx - ok
20:23:30.0576 6132 sym_hi - ok
20:23:30.0576 6132 sym_u3 - ok
20:23:30.0623 6132 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
20:23:30.0670 6132 SynTP - ok
20:23:30.0717 6132 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
20:23:30.0873 6132 sysaudio - ok
20:23:30.0920 6132 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
20:23:31.0092 6132 SysmonLog - ok
20:23:31.0123 6132 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
20:23:31.0280 6132 TapiSrv - ok
20:23:31.0326 6132 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
20:23:31.0358 6132 Tcpip - ok
20:23:31.0405 6132 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
20:23:31.0545 6132 TDPIPE - ok
20:23:31.0576 6132 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
20:23:31.0717 6132 TDTCP - ok
20:23:31.0748 6132 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
20:23:31.0905 6132 TermDD - ok
20:23:31.0951 6132 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
20:23:32.0092 6132 TermService - ok
20:23:32.0139 6132 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
20:23:32.0155 6132 Themes - ok
20:23:32.0186 6132 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
20:23:32.0295 6132 TlntSvr - ok
20:23:32.0311 6132 TosIde - ok
20:23:32.0358 6132 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
20:23:32.0545 6132 TrkWks - ok
20:23:32.0576 6132 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
20:23:32.0748 6132 Udfs - ok
20:23:32.0764 6132 ultra - ok
20:23:32.0826 6132 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
20:23:32.0983 6132 Update - ok
20:23:33.0014 6132 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
20:23:33.0123 6132 upnphost - ok
20:23:33.0139 6132 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
20:23:33.0311 6132 UPS - ok
20:23:33.0342 6132 USB28xxBGA (9b01ce1eda6ad1acfd4f865d6cb0a790) C:\WINDOWS\system32\DRIVERS\emBDA.sys
20:23:33.0389 6132 USB28xxBGA - ok
20:23:33.0436 6132 USB28xxOEM (c93e4f6bd1cbd163662e7c9be021b895) C:\WINDOWS\system32\DRIVERS\emOEM.sys
20:23:33.0467 6132 USB28xxOEM - ok
20:23:33.0530 6132 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
20:23:33.0670 6132 usbaudio - ok
20:23:33.0701 6132 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
20:23:33.0858 6132 usbccgp - ok
20:23:33.0889 6132 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
20:23:34.0045 6132 usbehci - ok
20:23:34.0076 6132 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
20:23:34.0217 6132 usbhub - ok
20:23:34.0248 6132 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
20:23:34.0389 6132 usbprint - ok
20:23:34.0405 6132 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
20:23:34.0576 6132 usbscan - ok
20:23:34.0608 6132 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
20:23:34.0764 6132 USBSTOR - ok
20:23:34.0811 6132 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20:23:34.0951 6132 usbuhci - ok
20:23:34.0983 6132 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
20:23:35.0108 6132 usbvideo - ok
20:23:35.0123 6132 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
20:23:35.0280 6132 VgaSave - ok
20:23:35.0295 6132 ViaIde - ok
20:23:35.0311 6132 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
20:23:35.0436 6132 VolSnap - ok
20:23:35.0514 6132 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
20:23:35.0592 6132 VSS - ok
20:23:35.0655 6132 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
20:23:35.0811 6132 W32Time - ok
20:23:35.0826 6132 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
20:23:35.0998 6132 Wanarp - ok
20:23:35.0998 6132 WDICA - ok
20:23:36.0045 6132 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
20:23:36.0170 6132 wdmaud - ok
20:23:36.0186 6132 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
20:23:36.0326 6132 WebClient - ok
20:23:36.0420 6132 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
20:23:36.0545 6132 winmgmt - ok
20:23:36.0623 6132 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
20:23:36.0686 6132 WinRM - ok
20:23:36.0748 6132 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
20:23:36.0764 6132 WmdmPmSN - ok
20:23:36.0826 6132 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
20:23:36.0873 6132 Wmi - ok
20:23:36.0936 6132 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
20:23:37.0123 6132 WmiApSrv - ok
20:23:37.0248 6132 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
20:23:37.0295 6132 WMPNetworkSvc - ok
20:23:37.0514 6132 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
20:23:37.0561 6132 WPFFontCache_v0400 - ok
20:23:37.0655 6132 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
20:23:37.0826 6132 wscsvc - ok
20:23:37.0873 6132 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
20:23:38.0045 6132 WSTCODEC - ok
20:23:38.0092 6132 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
20:23:38.0248 6132 wuauserv - ok
20:23:38.0280 6132 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
20:23:38.0358 6132 WudfPf - ok
20:23:38.0389 6132 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
20:23:38.0405 6132 WudfRd - ok
20:23:38.0451 6132 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
20:23:38.0483 6132 WudfSvc - ok
20:23:38.0545 6132 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
20:23:38.0701 6132 WZCSVC - ok
20:23:38.0733 6132 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
20:23:38.0889 6132 xmlprov - ok
20:23:38.0920 6132 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
20:23:39.0483 6132 \Device\Harddisk0\DR0 - ok
20:23:39.0498 6132 Boot (0x1200) (3935acc32dc0d30c2d97e52e0cd9cd9b) \Device\Harddisk0\DR0\Partition0
20:23:39.0498 6132 \Device\Harddisk0\DR0\Partition0 - ok
20:23:39.0498 6132 ============================================================
20:23:39.0498 6132 Scan finished
20:23:39.0498 6132 ============================================================
20:23:39.0639 5584 Detected object count: 7
20:23:39.0639 5584 Actual detected object count: 7
20:24:11.0233 5584 Bcim ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0233 5584 Bcim ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0233 5584 bcserver ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0233 5584 bcserver ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0248 5584 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0248 5584 FsUsbExDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0248 5584 mcdbus ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0248 5584 mcdbus ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0248 5584 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0248 5584 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0264 5584 pctvnet ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0280 5584 pctvnet ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:11.0280 5584 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
20:24:11.0280 5584 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:24:17.0514 5896 Deinitialize success

Step 2.......................................................................

I got the following error when trying to run the file from my desktop
"Windows cannot find '"SecurityCheck/SecurityCheck.bat'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

Step 3.......................................................................

Farbar Service Scanner Version: 19-07-2012
Ran by Torreon (administrator) on 20-07-2012 at 20:38:40
Running from "C:\Documents and Settings\Torreon\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error: Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is set to Disabled. The default start type is Auto.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.


Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Bcim(8) cmdHlp(10) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4)
0x0B00000005000000010000000200000003000000040000000A000000090000000B000000060000000700000008000000
IpSec Tag value is correct.

**** End of log ****

Step 4.......................................................................


MiniToolBox by Farbar Version: 15-07-2012
Ran by Torreon (administrator) on 20-07-2012 at 20:43:55
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net 209-34-83-73.ood.opsource.net practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp
127.0.0.1 practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com
127.0.0.1 wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.100888290cs.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 15261 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Realtek PCIe FE Family Controller = Local Area Connection 2 (Disconnected)
Ralink Turbo Wireless LAN Card = Wireless Network Connection 2 (Connected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Wireless Network Connection 2"

set address name="Wireless Network Connection 2" source=dhcp
set dns name="Wireless Network Connection 2" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection 2" source=dhcp


popd
# End of interface IP configuration




Windows IP Configuration



Host Name . . . . . . . . . . . . : ChompuXP

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Broadcast

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Wireless Network Connection 2:



Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Ralink Turbo Wireless LAN Card

Physical Address. . . . . . . . . : 00-0C-0A-49-9B-1C

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.0.6

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.0.1

DHCP Server . . . . . . . . . . . : 192.168.0.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Friday, July 20, 2012 8:43:43 PM

Lease Expires . . . . . . . . . . : Friday, July 20, 2012 9:43:43 PM

DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.227.96, 74.125.227.97, 74.125.227.98, 74.125.227.99
74.125.227.100, 74.125.227.101, 74.125.227.102, 74.125.227.103, 74.125.227.104
74.125.227.105, 74.125.227.110



Pinging google.com [74.125.227.71] with 32 bytes of data:



Reply from 74.125.227.71: bytes=32 time=439ms TTL=49

Reply from 74.125.227.71: bytes=32 time=37ms TTL=49



Ping statistics for 74.125.227.71:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 37ms, Maximum = 439ms, Average = 238ms

DNS request timed out.
timeout was 2 seconds.
Server: dns-cac-lb-02.rr.com
Address: 209.18.47.62

Name: yahoo.com
Addresses: 209.191.122.70, 72.30.38.140, 98.139.183.24



Pinging yahoo.com [98.139.183.24] with 32 bytes of data:



Reply from 98.139.183.24: bytes=32 time=110ms TTL=50

Reply from 98.139.183.24: bytes=32 time=157ms TTL=50



Ping statistics for 98.139.183.24:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 110ms, Maximum = 157ms, Average = 133ms

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:



Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 0c 0a 49 9b 1c ...... Ralink Turbo Wireless LAN Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.6 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.0.0 255.255.255.0 192.168.0.6 192.168.0.6 20
192.168.0.6 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.0.255 255.255.255.255 192.168.0.6 192.168.0.6 20
224.0.0.0 240.0.0.0 192.168.0.6 192.168.0.6 20
255.255.255.255 255.255.255.255 192.168.0.6 192.168.0.6 1
Default Gateway: 192.168.0.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/19/2012 03:16:45 AM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/13/2012 00:59:19 AM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/12/2012 09:59:05 PM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/12/2012 06:59:17 PM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/11/2012 09:46:24 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (07/11/2012 06:54:05 PM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/11/2012 03:59:20 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The server name or address could not be resolved

Error: (07/08/2012 03:54:05 PM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/08/2012 00:54:05 PM) (Source: Google Update) (User: CHOMPUXP)CHOMPUXP
Description: Network Request Error.
Error: 0x80040801. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying WinHTTP.
Send request returned 0x80040801. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80040801. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80040801

Error: (07/05/2012 02:52:15 AM) (Source: Chrome) (User: CHOMPUXP)CHOMPUXP
Description: Chrome has encountered a fatal error.
ver=20.0.1132.47;is_machine=0;minidump=C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\CrashReports\1916b58d-03ce-449e-938f-270f590413bf.dmp


System errors:
=============
Error: (07/19/2012 03:17:21 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/17/2012 02:21:57 PM) (Source: Service Control Manager) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (07/16/2012 08:29:11 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/16/2012 06:34:58 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/16/2012 06:05:02 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/13/2012 03:41:59 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/12/2012 05:34:31 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/12/2012 00:24:17 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/12/2012 00:13:48 PM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error:
%%3

Error: (07/12/2012 00:13:15 PM) (Source: Dhcp) (User: )
Description: Your computer was not assigned an address from the network (by the DHCP
Server) for the Network Card with network address 000C0A499B1C. The following error
occurred:
%%1223.
Your computer will continue to try and obtain an address on its own from
the network address (DHCP) server.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 7.1.8)
Adobe AIR (Version: 3.1.0.4880)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.6)
Adobe Flash Player 11 ActiveX (Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (Version: 11.3.300.265)
Adobe Reader X (10.0.1) (Version: 10.0.1)
Avira AntiVir Personal - Free Antivirus (Version: 10.2.0.707)
CCleaner (Version: 3.20)
COMODO Internet Security (Version: 5.4.58750.1355)
Critical Update for Windows Media Player 11 (KB959772)
GIMP 2.8.0 (Version: 2.8.0)
Google Chrome (Version: 20.0.1132.57)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.115)
HiJackThis (Version: 1.0.0)
InterVideo WinDVD 8 (Version: 8.0-B6.109)
J2SE Development Kit 5.0 Update 22 (Version: 1.5.0.220)
J2SE Runtime Environment 5.0 Update 22 (Version: 1.5.0.220)
Java Auto Updater (Version: 2.1.6.0)
Java SE Development Kit 7 Update 4 (Version: 1.7.0.40)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 7 Update 4 (Version: 7.0.40)
JavaFX 2.1.0 (Version: 2.1.0)
JavaFX 2.1.0 SDK (Version: 2.1.0)
JCreator LE 5.00
JCreator Pro 3.50
Logitech Vid HD (Version: 7.2 (7259))
Logitech Webcam Software (Version: 12.10.1113)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.62.0.1300 (Version: 1.62.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU (Version: 2.1.21022)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU (Version: 3.1.21022)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack - deu (Version: 3.5.21022)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Corporation (Version: 9.0.30729.1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.6612.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 14.0.1468.721)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6.0 Parser (Version: 6.00.3883.8)
Nero 8 (Version: 8.10.21)
neroxml (Version: 1.0.0)
NVIDIA Control Panel 275.33 (Version: 275.33)
NVIDIA Graphics Driver 275.33 (Version: 275.33)
NVIDIA Install Application (Version: 2.275.78.0)
NVIDIA nView 135.85 (Version: 135.85)
NVIDIA nView Desktop Manager (Version: 6.14.10.13585)
NVIDIA Update 1.3.5 (Version: 1.3.5)
NVIDIA Update Components (Version: 1.3.5)
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
QuickTime (Version: 7.1.3.100)
Ralink RT6x Wireless LAN Card (Version: 1.5.4.0)
Realtek High Definition Audio Driver
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.5 (Version: 5.5.124)
Spybot - Search & Destroy (Version: 2.0.9)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
System Requirements Lab
System Requirements Lab for Intel (Version: 4.4.24.0)
TeamViewer 5 (Version: 5.1.13999 )
Traffic Shaper XP Client (Version: 1.21)
Traffic Shaper XP Server (Version: 1.21)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows Internet Explorer 8 (KB971180) (Version: 1)
Update for Windows Internet Explorer 8 (KB973874) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows Internet Explorer 8 (KB976749) (Version: 1)
Update for Windows Internet Explorer 8 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB980302) (Version: 1)
Update for Windows Internet Explorer 8 (KB982632) (Version: 1)
Update for Windows Internet Explorer 8 (KB982664) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VBA (2627.01) (Version: 6.03.00.9402)
VCRedistSetup (Version: 1.0.0)
VLC media player 2.0.1 (Version: 2.0.1)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows PowerShell™ 1.0 MUI pack (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
XML Paper Specification Shared Components Language Pack 1.0
Yahoo! Messenger
Yahoo! Toolbar

========================= Devices: ================================

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTLE8023xp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 2047.27 MB
Available physical RAM: 1225.62 MB
Total Pagefile: 3940.3 MB
Available Pagefile: 3090.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1974.88 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:127.99 GB) (Free:94.35 GB) NTFS

========================= Users: ========================================

User accounts for \\CHOMPUXP

Administrator ASPNET Guest
HelpAssistant SUPPORT_388945a0 Torreon
UpdatusUser

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

22-04-2012 06:01:08 System Checkpoint
24-04-2012 03:08:50 System Checkpoint
25-04-2012 18:31:55 System Checkpoint
26-04-2012 19:31:27 System Checkpoint
27-04-2012 21:32:10 System Checkpoint
29-04-2012 01:52:26 System Checkpoint
30-04-2012 04:24:07 System Checkpoint
01-05-2012 07:28:27 System Checkpoint
02-05-2012 21:39:41 System Checkpoint
03-05-2012 23:46:29 System Checkpoint
04-05-2012 02:18:13 Installed DirectX
05-05-2012 03:00:46 Avira AntiVir Personal - 5/4/2012 22:00
06-05-2012 03:43:47 System Checkpoint
07-05-2012 16:09:56 System Checkpoint
08-05-2012 16:11:01 System Checkpoint
09-05-2012 18:10:37 System Checkpoint
10-05-2012 19:47:57 System Checkpoint
11-05-2012 06:46:21 Software Distribution Service 3.0
11-05-2012 15:07:41 Software Distribution Service 3.0
12-05-2012 07:05:14 Software Distribution Service 3.0
13-05-2012 15:46:19 System Checkpoint
14-05-2012 16:04:17 System Checkpoint
15-05-2012 23:26:13 System Checkpoint
17-05-2012 03:39:04 System Checkpoint
18-05-2012 03:18:00 ARO 2012 - Before Installation
18-05-2012 03:18:37 ARO 2012 - FIRST RUN
18-05-2012 03:27:09 ARO 2012 Thu, May 17, 12 22:27
19-05-2012 18:27:37 Installed AVG 2012
19-05-2012 18:28:08 Installed AVG 2012
20-05-2012 18:28:42 System Checkpoint
21-05-2012 19:05:36 System Checkpoint
22-05-2012 13:16:27 Software Distribution Service 3.0
22-05-2012 23:51:36 Software Distribution Service 3.0
23-05-2012 07:16:03 Software Distribution Service 3.0
24-05-2012 01:36:22 Installed J2SE Development Kit 5.0 Update 22
24-05-2012 01:40:51 Installed J2SE Runtime Environment 5.0 Update 22
24-05-2012 02:14:58 Installed Java SE Development Kit 7 Update 4
24-05-2012 02:16:53 Installed Java™ 7 Update 4
24-05-2012 02:20:42 Installed JavaFX 2.1.0 SDK
24-05-2012 02:21:48 Installed JavaFX 2.1.0
25-05-2012 20:58:18 System Checkpoint
26-05-2012 20:48:12 Installed HiJackThis
27-05-2012 20:55:58 System Checkpoint
29-05-2012 03:26:33 System Checkpoint
30-05-2012 03:36:35 System Checkpoint
31-05-2012 19:34:49 System Checkpoint
02-06-2012 00:12:12 System Checkpoint
02-06-2012 17:41:27 Removed AVG 2012
02-06-2012 17:43:27 Removed AVG 2012
02-06-2012 18:31:42 Removed AVG 2012
03-06-2012 18:38:21 System Checkpoint
04-06-2012 08:00:17 Software Distribution Service 3.0
05-06-2012 08:18:31 System Checkpoint
07-06-2012 02:02:48 System Checkpoint
08-06-2012 02:33:39 System Checkpoint
09-06-2012 03:41:35 System Checkpoint
10-06-2012 04:14:07 System Checkpoint
11-06-2012 05:11:57 System Checkpoint
12-06-2012 05:38:14 System Checkpoint
13-06-2012 08:00:34 Software Distribution Service 3.0
13-06-2012 08:20:37 Software Distribution Service 3.0
14-06-2012 20:02:16 System Checkpoint
15-06-2012 03:35:50 Removed FULL-DISKfighter.
16-06-2012 04:50:53 System Checkpoint
17-06-2012 17:02:08 System Checkpoint
18-06-2012 22:46:32 System Checkpoint
20-06-2012 06:45:10 System Checkpoint
21-06-2012 21:39:47 System Checkpoint
22-06-2012 22:47:01 System Checkpoint
24-06-2012 00:38:52 System Checkpoint
25-06-2012 20:09:48 System Checkpoint
26-06-2012 23:46:10 System Checkpoint
28-06-2012 07:07:41 System Checkpoint
04-07-2012 19:52:28 System Checkpoint
05-07-2012 21:15:01 System Checkpoint
06-07-2012 23:24:46 System Checkpoint
08-07-2012 00:17:16 System Checkpoint
09-07-2012 00:44:49 System Checkpoint
10-07-2012 01:43:00 System Checkpoint
11-07-2012 03:43:16 System Checkpoint
11-07-2012 08:00:48 Software Distribution Service 3.0
12-07-2012 19:10:56 System Checkpoint
16-07-2012 23:20:31 Removed Facebook Video Calling 1.2.0.159
16-07-2012 23:29:38 Removed SavetheChildren Reminder by We-Care.com v4.0.19.4
18-07-2012 00:09:26 System Checkpoint
18-07-2012 23:29:05 Software Distribution Service 3.0
19-07-2012 23:56:42 System Checkpoint
21-07-2012 00:20:37 System Checkpoint

**** End of log ****

#4 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 21 July 2012 - 06:48 AM

Hi

:step1:
Download Malwarebytes' Anti-Malware (aka MBAM): http://www.malwarebytes.org/mbam-download.php to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes'
    Anti-Malware
    and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Post the log in your next reply.

If requested by MBAM, restart the computer.

The log can also be found here:
C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Users\<Username>\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt


:step2:
I'd like us to scan your machine with ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Note: Vista/Windows 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image
      icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • On ESET: Click the Back button, then the Finish button.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

:step3:
How is the computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#5 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 22 July 2012 - 07:32 PM

STEP 1..............................

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.22.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Torreon :: CHOMPUXP [administrator]

7/22/2012 3:11:06 PM
mbam-log-2012-07-22 (15-11-06).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 341964
Time elapsed: 1 hour(s), 13 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



STEP 2..............................

C:\Documents and Settings\Torreon\Local Settings\Temp\50or.exe Win32/Toolbar.CrossRider application cleaned by deleting - quarantined
C:\Documents and Settings\Torreon\Local Settings\Temp\air1E.tmp.exe Win32/Toolbar.Zugo application cleaned by deleting - quarantined
C:\Documents and Settings\Torreon\Local Settings\Temp\ICReinstall\cnet2_jcrea500_setup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Torreon\Local Settings\Temp\ICReinstall\cnet2_PSPX4_TBYB30_exe (1).exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
C:\Documents and Settings\Torreon\Local Settings\Temp\ICReinstall\cnet2_PSPX4_TBYB30_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined


STEP 3..............................


Unfortunately the yahoo toolbar is still in the uninstall program list, and when trying to uninstall it, the process au_.exe starts running and the CPU usage jumps to 100% and never stops until I kill the process.

When I do a search trying to locate that file, the search result gives me two files, “au_.exe” and “au_.exe-2f72D323.pf”. The first one is located in “c:\documents and settings\<user>\local settings\temp\nsu.tmp” and the second in “c:\windows\prefetch”.

So that is still going on, and another thing that I have noticed is that a lot of archives (extensions) are not linked to any program and they don’t have the correct icon, just a generic one, so I have to click on it and choose the default program. I have fixed a lot of extensions but I am sure there are still some that need to be fixed.

These are the only two main problems that this computer seems to have right now.

Thanks for your help, please advise.

#6 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 22 July 2012 - 07:51 PM

Hi

Lets have a look for those files, and check for rootkits:

:step1:
Please run Farbar Service Scanner on your desktop.
Type the following in the edit box after "Search:".

au_.exe

Click Search Files button and post the log (FSS.txt) it makes in your next reply.


:step2:
Please follow Step 6 only of the preparation guide here.


:step3:
Please follow step 8 only of the preparation guide here.
Post the log (ark.txt) in your next reply.

If GMER crashes please give details along with any error message if applicable.

Edited by dev00790, 22 July 2012 - 07:52 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#7 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 28 July 2012 - 05:53 PM

Hi

Are you still with me?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#8 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 28 July 2012 - 11:16 PM

Hi Sorry for the delay, here are the results.

(1)............................................
Farbar Service Scanner Version: 26-07-2012
Ran by Torreon (administrator) on 28-07-2012 at 20:23:37
Microsoft Windows XP Professional Service Pack 3 (X86)

************************************************
======== Search: "Au_.exe" =========

C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe
[2012-07-28 20:22] - [2012-07-28 20:22] - 0104126 ____A (Yahoo! Inc.) C1047A5CCC87F63ADCB442F5C1AA8CCC

====== End Of Search ======


(2)............................................
Do I need to enable the CD Emulation drivers after finishing step (3) below?


(3)............................................
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-28 23:09:08
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD1600JS-60NCB1 rev.10.02E02
Running: gmer.exe; Driver: C:\DOCUME~1\Torreon\LOCALS~1\Temp\ufryqpoc.sys


---- System - GMER 1.0.15 ----

SSDT B87A669C ZwClose
SSDT B87A6656 ZwCreateKey
SSDT B87A66A6 ZwCreateSection
SSDT B87A664C ZwCreateThread
SSDT B87A665B ZwDeleteKey
SSDT B87A6665 ZwDeleteValueKey
SSDT B87A6697 ZwDuplicateObject
SSDT B87A666A ZwLoadKey
SSDT B87A6638 ZwOpenProcess
SSDT B87A663D ZwOpenThread
SSDT B87A6674 ZwReplaceKey
SSDT B87A666F ZwRestoreKey
SSDT B87A66AB ZwSetContextThread
SSDT B87A6660 ZwSetValueKey
SSDT B87A6647 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB66583A0, 0x88C445, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe[128] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avguard.exe[332] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Traffic Shaper XP Server\bcserver.service[472] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[556] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[760] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[772] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[816] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0077FC60 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe[820] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe[888] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[936] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1012] rpcss.dll!WhichService 76A84234 8 Bytes JMP ED501001
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1072] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1076] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00533F00 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1076] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0054D9A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5 Bytes JMP 1001F060 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1112] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\nvsvc32.exe[1188] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1208] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[1228] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe[1236] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1320] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1340] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\RunDLL32.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[1512] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[1544] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[1568] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe[1580] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[1608] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1656] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1692] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Avira\AntiVir Desktop\sched.exe[1768] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1852] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Application Data\Genieo\Application\Updater\bin\genupdater.exe[1876] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)


...continues...........below

#9 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 28 July 2012 - 11:17 PM

....continues from above....



.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[1932] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe[2132] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 20, 00] {SUB [EAX], AL; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 20, 00] {SUB [EBX], AL; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 20, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 20, 00] {TEST AL, 0x1; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90F61A
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 20, 00] {TEST AL, 0x2; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 20, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 20, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90F68B
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 20, 00] {TEST AL, 0x0; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90F7B9
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 20, 00] {SUB [ECX], AL; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 20, 00] {SUB [EDX], AL; AND [EAX], AL}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 20, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 1002A940 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] SHELL32.dll!ShellExecuteEx 7CA40ED5 5 Bytes JMP 1002A960 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] SHELL32.dll!ShellExecuteA 7CA41200 5 Bytes JMP 1002A9A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2324] SHELL32.dll!ShellExecuteW 7CAB5FDD 5 Bytes JMP 1002A980 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Update\1.3.21.115\GoogleCrashHandler.exe[2336] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 1002A940 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] SHELL32.dll!ShellExecuteEx 7CA40ED5 5 Bytes JMP 1002A960 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] SHELL32.dll!ShellExecuteA 7CA41200 5 Bytes JMP 1002A9A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2340] SHELL32.dll!ShellExecuteW 7CAB5FDD 5 Bytes JMP 1002A980 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Desktop\gmer.exe[2584] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\svchost.exe[2596] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe[2676] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[2732] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 1002A940 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] SHELL32.dll!ShellExecuteEx 7CA40ED5 5 Bytes JMP 1002A960 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] SHELL32.dll!ShellExecuteA 7CA41200 5 Bytes JMP 1002A9A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2868] SHELL32.dll!ShellExecuteW 7CAB5FDD 5 Bytes JMP 1002A980 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 1002A940 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] SHELL32.dll!ShellExecuteEx 7CA40ED5 5 Bytes JMP 1002A960 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] SHELL32.dll!ShellExecuteA 7CA41200 5 Bytes JMP 1002A9A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] SHELL32.dll!ShellExecuteW 7CAB5FDD 5 Bytes JMP 1002A980 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] WS2_32.dll!WSASocketW 71AB404E 2 Bytes JMP 1002A8C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] WS2_32.dll!WSASocketW + 3 71AB4051 4 Bytes [57, 9E, CC, CC] {PUSH EDI; SAHF ; INT 3 ; INT 3 }
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3084] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 1002A8E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 1002ADA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtClose 7C90CFEE 2 Bytes JMP 1001D080 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtClose + 3 7C90CFF1 2 Bytes [71, 93] {JNO 0xffffffffffffff95}
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 1002AD60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 1002AE20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 1002AE00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 1002ADC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 1002A430 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 1002AD80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 1002AD40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B912B1A
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B912B8B
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 1002A3E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B912CB9
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 1002BB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 1002B860 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 1002AD00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 1002AD20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 55, 00]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 1002ADE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 1002A6F0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 1002A480 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10027DF0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001D1A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ntdll.dll!LdrGetProcedureAddress 7C917CF0 5 Bytes JMP 1002ACE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 1002AC20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 1002A9C0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 1002AC60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 1002AC80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 1002AA20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10024F30 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10025AC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 1002ACC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 1002AA00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 1002AA60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 1002AA40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 1002AC00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 1002AAC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 1002AB40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!OpenFile 7C821982 5 Bytes JMP 1002AC40 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 1002AB80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 1002ABE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 1002ABC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 1002AAA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 1002AA80 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 1002AB00 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 1002AB60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 1002AAE0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 1002AB20 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CopyFileExA 7C85F39C 1 Byte [E9]
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 1002ABA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 1002A9E0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 1002ACA0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10023A60 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10024390 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] GDI32.dll!DeleteDC 77F16E5F 5 Bytes JMP 10028BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] GDI32.dll!GetPixel 77F1B74C 5 Bytes JMP 10028990 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10029CC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] GDI32.dll!CreateDCW 77F1BE38 5 Bytes JMP 10029BC0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] SHELL32.dll!ShellExecuteExW 7CA0995B 5 Bytes JMP 1002A940 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] SHELL32.dll!ShellExecuteEx 7CA40ED5 5 Bytes JMP 1002A960 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] SHELL32.dll!ShellExecuteA 7CA41200 5 Bytes JMP 1002A9A0 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3512] SHELL32.dll!ShellExecuteW 7CAB5FDD 5 Bytes JMP 1002A980 c:\windows\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0x2E 0xE8 0xE1 0x00 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x6A 0x9C 0xD6 0x61 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0xFF 0x7C 0x85 0xE0 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xCD 0x44 0xCD 0xB9 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0x50 0x93 0xE5 0xAB ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0x97 0x20 0x4E 0x9A ...
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version
Reg HKLM\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x16 0xF4 0x17 0xF6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0x51 0xFA 0x6E 0x91 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x3D 0xCE 0xEA 0x26 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0xFA 0xEA 0x66 0x7F ...

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\L17JX4RZ\clients[1].txt 0 bytes

---- EOF - GMER 1.0.15 ----

#10 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 29 July 2012 - 07:55 PM

Ok that GMER log seems fine.

Do I need to enable the CD Emulation drivers after finishing step (3) below?

No, please keep the emulation drivers disabled for now.

another thing that I have noticed is that a lot of archives (extensions) are not linked to any program and they don't have the correct icon, just a generic one, so I have to click on it and choose the default program. I have fixed a lot of extensions but I am sure there are still some that need to be fixed.

We'll look into this after the au_ / yahoo problem

Next please do the following:

:step1:

Download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:

    :filefind
    *yahoo*
    *au_*
    
    :folderfind
    *yahoo*
    
    :regfind
    yahoo
    au_
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#11 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 03 August 2012 - 08:49 AM

SystemLook 30.07.11 by jpshortstuff
Log created at 08:28 on 03/08/2012 by Torreon
Administrator - Elevation successful

========== filefind ==========

Searching for "*yahoo*"
C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk --a---- 802 bytes [04:41 14/06/2012] [04:41 14/06/2012] 13FCF63EAFAD5F05D84F171C2CCF793D
C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk --a---- 814 bytes [04:41 14/06/2012] [04:41 14/06/2012] A7A0A0E5633D0C788F034DAABA84F5C0
C:\Documents and Settings\Torreon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk --a---- 820 bytes [04:41 14/06/2012] [04:41 14/06/2012] 3DB2342696C1E64DE8E1391C79B7DBBB
C:\Documents and Settings\Torreon\Cookies\torreon@yahoo[1].txt --a---- 368 bytes [16:00 04/06/2011] [16:00 04/06/2011] 98D346AEF3BB37D5466A812E5058F82B
C:\Documents and Settings\Torreon\Cookies\torreon@yahoo[3].txt --a---- 83 bytes [17:10 05/06/2011] [17:10 05/06/2011] D0803901B45BEDB4B02A98E4C6FA1997
C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_3cp9lcoq32dpn-c.c.yom.mail.yahoo.com_0.localstorage --a---- 9216 bytes [13:24 03/08/2012] [13:24 03/08/2012] 85D5391257B641A4AB1F21B808204483
C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_3cp9lcoq32dpn-c.c.yom.mail.yahoo.com_0.localstorage-journal --a---- 3608 bytes [13:24 03/08/2012] [13:24 03/08/2012] A17D0BD7DD43E3B309BC412F6E4B5C83
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0EMIOOFH\mat_boy_fbchat_6heart_chatwithblulnk_genderradio_na_81001_072211_yahoo_234x60[1].swf --a---- 27559 bytes [03:19 23/11/2011] [03:19 23/11/2011] 59DB5B25F126B98F993E2C772E68BC09
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0EMIOOFH\mat_grl_webcams_emoflthrt_chatwithblulnk_genradio_na_92461_112311_yahoo_234x60[1].swf --a---- 22327 bytes [14:47 28/11/2011] [14:47 28/11/2011] 68BD2000A7F8CD1019EFD667E4A9954E
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0EMIOOFH\yahoo_hmpg_dog911_300x250[1].swf --a---- 85100 bytes [02:40 27/11/2011] [02:40 27/11/2011] 529BF3151E47107B1AE8A643409759D8
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\0EMIOOFH\Yahoo__Set_Homepage_November_300x250_110311[1].swf --a---- 87569 bytes [17:26 27/11/2011] [17:26 27/11/2011] A2DCA5FA47E98309A586AABC6003ACB3
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\3ST428BP\insider_msg_yahoo_com[1].txt --a---- 21273 bytes [00:49 13/07/2012] [00:49 13/07/2012] F171104BC07178E96AA069405BE9C197
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\3ST428BP\mat_nog_boxface_grnsqrsingleingeo_cwblulnk_mgenradio_na_108936_060112_yahoo_234x60[1].swf --a---- 12971 bytes [06:03 13/07/2012] [06:03 13/07/2012] 54BF45AF1F7780D35E6E4B40CA478043
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\6Y6U057R\insider_msg_yahoo_com[1].txt --a---- 22908 bytes [23:05 16/07/2012] [23:05 16/07/2012] 094A7648F3C1C1891300B6770B1FA3FD
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\6Y6U057R\mat_grl_webcams_centerform_Chatwithblulnk_genderradio_na_87115_092111_yahoo_234x60[1].swf --a---- 20932 bytes [23:45 28/07/2012] [23:45 28/07/2012] 0311AC54EFC14E77DA11797E0295B204
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\6Y6U057R\mat_grl_ypm_centerfrgrnsqr_cwgengeoblulnk_genradio_na_108133_052312_yahoo_234x60[1].swf --a---- 22962 bytes [03:57 13/07/2012] [03:57 13/07/2012] BE952E87E30F93F8F9B9561F9F0E05F3
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\EGWO339X\insider_msg_yahoo_com[1].txt --a---- 19421 bytes [03:06 12/07/2012] [03:06 12/07/2012] 3CF903732BCEC37CD314D8E66ED9B337
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\EGWO339X\insider_msg_yahoo_com[2].txt --a---- 19638 bytes [22:35 12/07/2012] [22:35 12/07/2012] B97CF89704A0CAEA7FDE56D0CF9D268E
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\EGWO339X\mat_boy_YPM_grnsqr_CWgenGeoblulnk_genradio_na_108133_052312_yahoo_234x60[1].swf --a---- 27323 bytes [23:51 28/07/2012] [23:51 28/07/2012] A3B9225EE4338CB1444BF68AE769168C
C:\Program Files\Java\jdk1.5.0_22\demo\applets\TicTacToe\audio\yahoo1.au --a---- 7834 bytes [01:37 24/05/2012] [01:37 24/05/2012] 06AF4F84ACFACC05AB810BED1964BCCD
C:\Program Files\Java\jdk1.5.0_22\demo\applets\TicTacToe\audio\yahoo2.au --a---- 7463 bytes [01:37 24/05/2012] [01:37 24/05/2012] EA586C7252A4172E6206EFA49BE0C055
C:\Program Files\Java\jdk1.5.0_22\demo\plugin\applets\TicTacToe\audio\yahoo1.au --a---- 7834 bytes [01:37 24/05/2012] [01:37 24/05/2012] 06AF4F84ACFACC05AB810BED1964BCCD
C:\Program Files\Java\jdk1.5.0_22\demo\plugin\applets\TicTacToe\audio\yahoo2.au --a---- 7463 bytes [01:37 24/05/2012] [01:37 24/05/2012] EA586C7252A4172E6206EFA49BE0C055
C:\Program Files\Mozilla Firefox 4.0 Beta 1\searchplugins\yahoo.xml --a---- 1096 bytes [18:41 07/06/2012] [18:41 07/06/2012] FDE8CE648EB1FCE524978664612B939A
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe --a---- 6595928 bytes [04:41 14/06/2012] [09:25 25/05/2012] 127CD00925C1A2B759765C5B9600DE30
C:\Program Files\Yahoo!\Messenger\Media\RingTones\Yahoo_ring_03.rtl --a---- 67 bytes [04:40 14/06/2012] [05:36 16/02/2012] 797D905BCB498775F4C0AF97ECEA4115
C:\Program Files\Yahoo!\Messenger\Media\RingTones\Yahoo_ring_03.wav --a---- 87478 bytes [04:40 14/06/2012] [05:36 16/02/2012] 97014903D78EE22DB653DDC4E760E5B6
C:\Program Files\Yahoo!\Messenger\skins\Default\images\icn-sharebox-yahoo.png --a---- 3568 bytes [04:41 14/06/2012] [05:35 16/02/2012] C19AF767636C2B800EE91118963CE44F
C:\Program Files\Yahoo!\Messenger\skins\Default\theme\Yahoo!_Messenger.png --a---- 3962 bytes [04:41 14/06/2012] [05:35 16/02/2012] EC473574C1D5A4B1C58ABAFD3AAB8897
C:\Program Files\Yahoo!\Messenger\skins\Default\theme\Yahoo!_Messenger_aero.png --a---- 4257 bytes [04:41 14/06/2012] [05:35 16/02/2012] 74144A3619F183952956920A2D3A1547
C:\WINDOWS\Prefetch\YAHOOMESSENGER.EXE-06E29CD9.pf --a---- 52692 bytes [23:44 28/07/2012] [23:45 28/07/2012] 4F5B5C2954B4C85F30B4563A30C0DAAC

Searching for "*au_*"
C:\Documents and Settings\Torreon\Local Settings\Temp\Temporary Internet Files\Content.IE5\3ST428BP\1-1-lmb_iau_PAgeOldHandSign2RedFillCNP15s50k_37RipRidEz_GovHate_0612_300x250[1].swf --a---- 39455 bytes [22:35 12/07/2012] [22:35 12/07/2012] 2545CBDF4E90E0DC6AF9187653E81512
C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe --a---- 104126 bytes [13:28 03/08/2012] [13:28 03/08/2012] C1047A5CCC87F63ADCB442F5C1AA8CCC
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\8ARK9N06\au_bg_rightbottom[1].gif --a---- 57 bytes [23:27 18/07/2012] [23:27 18/07/2012] 6DF3B805767534EB1F43B3264B61D727
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\8ARK9N06\au_shieldred[1].gif --a---- 1445 bytes [23:27 18/07/2012] [23:27 18/07/2012] BD7043DE40315C745B58E8453D692EB4
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\D4YLPFBF\au_bg_bottommiddle[1].gif --a---- 44 bytes [23:27 18/07/2012] [23:27 18/07/2012] F6AF11B3617B48191E85F7B492E0F57E
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\D4YLPFBF\au_bg_lefttop[1].gif --a---- 820 bytes [23:27 18/07/2012] [23:27 18/07/2012] A7583E83B2823F48B18093890D45C96A
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\D4YLPFBF\au_button_middle[1].gif --a---- 160 bytes [23:27 18/07/2012] [23:27 18/07/2012] 662F58EB07FE186012EE77E3CFC4F73C
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\L17JX4RZ\au_bg_rightmiddle[1].gif --a---- 44 bytes [23:27 18/07/2012] [23:27 18/07/2012] 7D571A4249BDA26C4DCA95231CE4360C
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\L17JX4RZ\au_bg_righttop[1].gif --a---- 821 bytes [23:27 18/07/2012] [23:27 18/07/2012] DF5025AC648D526B013ECDD8C0BB0CFB
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\L17JX4RZ\au_button_right[1].gif --a---- 334 bytes [23:27 18/07/2012] [23:27 18/07/2012] 2ACD06277A150AC35E6F22BA179A69DB
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\L17JX4RZ\au_shieldyellow[1].gif --a---- 1457 bytes [23:27 18/07/2012] [23:27 18/07/2012] A7BF911BD5E070C9FE6B3E4107248184
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\ZGKKWSP1\au_bg_leftbottom[1].gif --a---- 56 bytes [23:27 18/07/2012] [23:27 18/07/2012] 2541BD4EB06E713E7F71AF88DBC38DCC
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\ZGKKWSP1\au_bg_leftmiddle[1].gif --a---- 44 bytes [23:27 18/07/2012] [23:27 18/07/2012] CEAD550E4504B6B57A115C37DE2CCB1F
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\ZGKKWSP1\au_button_left[1].gif --a---- 330 bytes [23:27 18/07/2012] [23:27 18/07/2012] E29F9094E21233CBB68A9D56F6402F5B
C:\Documents and Settings\Torreon\Local Settings\Temporary Internet Files\Content.IE5\ZGKKWSP1\au_shieldgreen[1].gif --a---- 1452 bytes [23:27 18/07/2012] [23:27 18/07/2012] 223474D4B0013964C9DDB43797E26F93
C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll --a---- 36352 bytes [00:05 17/03/2012] [00:05 17/03/2012] 01119A5AFD6E0B78E2E897C633DE2AF9
C:\WINDOWS\Prefetch\AU_.EXE-2F72D323.pf --a---- 14378 bytes [01:23 29/07/2012] [13:28 03/08/2012] 4715C626347E394F7E97A1B4F947B04E
C:\WINDOWS\ServicePackFiles\i386\au_plcy.htm ------- 5443 bytes [00:45 18/03/2009] [04:03 04/08/2004] C31221D18CA3D15E685CC352178098AF
C:\WINDOWS\system32\oobe\setup\au_plcy.htm --a---- 13568 bytes [00:45 18/03/2009] [01:17 18/03/2009] 715BE7D6AED8CC1DDE300C52335D75DB

========== folderfind ==========

Searching for "*yahoo*"
C:\Documents and Settings\All Users\Application Data\Yahoo! d------ [02:13 23/07/2011]
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion d------ [04:42 14/06/2012]
C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger d------ [04:41 14/06/2012]
C:\Documents and Settings\Torreon\Application Data\Yahoo! d------ [02:13 23/07/2011]
C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects\ZWPXQH75\login.yahoo.com d------ [05:29 24/05/2012]
C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\macromedia.com\support\flashplayer\sys\#login.yahoo.com d------ [05:29 24/05/2012]
C:\Documents and Settings\Torreon\Local Settings\Application Data\Microsoft\Messenger\removed d------ [00:29 23/05/2011]
C:\Program Files\Yahoo! d------ [16:59 22/11/2011]

========== regfind ==========

Searching for "yahoo"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_chrome_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_ff_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_ie_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651}]
"AppPath"="C:\PROGRA~1\Yahoo!\companion\installs\cpn"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.vn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA332C~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.uk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.tw"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5B10~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAE7E0~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA1710~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ph"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.nz"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADF2D~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.my"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6FF7~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.mx"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FF3~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.kr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ybb.ne.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOJ~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADFFA~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD7DA~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.hk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA2BEF~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.cn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA37DB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD705~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.br"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA43DB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.au"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FC7~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ar"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA4FCB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6788~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"e"="YAHOOM~1.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Yahoo! Messenger]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"="Yahoo! Toolbar Uninstall Setup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\"="{ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\shadow\"="{1e56432f-6b81-407c-a9c1-ca0da0f7a1ed}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Me]
"C:\Documents and Settings\Torreon\Contacts\removed\"="/DBINST:"ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d" /DBROW:"0a499b1c-000c-adb6-11e0-84d3b47add1a""
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|google.com|google.com/accounts|login.live.com|mail.google.com|mail.yahoo.com|www.google.com|www.google.com/accounts|yahoo.com"
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"daily_code"="scIsOnSearchEngineDomain = function() {
return contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPageDomain, '.yahoo.') || contains(scCurrentPageDomain, '.bing.') || contains(scCurrentPageDomain, 'localhost');
};

scSetupSearchLinks = function() {
var href = window.location.href;
if ((window.location.protocol === 'https:') || scIsOnSearchEngineDomain() || contains(scCurrentPageDomain, 'mail.') || contains(scCurrentPageDomain, 'calendar.') || endsWith(href, '.txt') || endsWith(href, '.xml')) {
return;
}

var terms = ['airline', 'apparel', 'bipolar', 'blu-ray', 'camcorder', 'camera', 'clothes', 'clothing', 'cosmetic', 'coupon', 'depression', 'dvd', 'electronics', 'erectile dysfunction', 'flight', 'footwear', 'fragrance', 'games', 'gaming system', 'halo', 'hdtv', 'home theater', 'imac', 'insomnia', 'ipad', 'iphone', 'ipod', 'jailbreak', 'jeans', 'kindle', 'kinect', 'laptop', 'lenovo', 'l
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"hourly_code2"="scEnableGoogle_hourly = function() {
var args = window.location.search;
var path = window.location.pathname;
return (getAffectGoogle() && contains(scCurrentPageDomain, '.google.') && contains(scCurrentPageDomain, 'www') && ((path === '/') || (path === '/search')) && !contains(args, 'define%3A') && !contains(args, '&swm=2'));
};

scEnableYahoo_hourly = function() {
return getAffectYahoo() && contains(scCurrentPageDomain, 'search.yahoo.com') && !contains(scCurrentPageDomain, 'video.search.') && !contains(scCurrentPageDomain, 'images.search.') && !contains(scCurrentPageDomain, 'news.search.');
};

scEnableBing_hourly = function() {
return getAffectBing() && contains(scCurrentPageDomain, 'bing.com') && (window.location.pathname === '/search');
};

scGetSearchStringFromGoogleSerp_hourly = function() {
var aTags = scGetDocument().getElementsByTagName('a');
var i;
for (i = 0; i < aTags.length; i++) {
var aTag = aTags[i];
var href = aTag.href;
if ((co
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"hourly_code"="scGetDocument = function() {
return scIsFF ? content.document : document;
};

scExtractUrlFromSpanTag = function(spanTag) {
var url = null;

if (spanTag) {
url = removeSimpleHtmlTags(spanTag.innerHTML, false);

var endPos = url.indexOf(' - ');
if (endPos > 0) {
url = url.substring(0, endPos);
}
}

return url;
};

scExtractHrefFromATag = function(aTag) {
var url;

var href = aTag.getAttribute('href');
if (href) {
url = unescape(href);

if (startsWith(url, 'url')) {
var pos = url.indexOf('href');
if (pos > -1) {
url = url.substring(pos);
}
}

if (startsWith(url, 'http://')) {
url = url.substring(7);
} else if (startsWith(url, 'https://')) {
url = url.substring(8);
}
url = url.replace(/.*:\/\//, '');
}

return url;
};

scGetSRNodes_google = function() {
var nodes = [];

var tags = scGetDocument().getElementsByTagName('li');
var i;
for (i = 0; i < tags.length; i++) {
var tag = tags[i];
var cls = tag.className;
var h = tag.innerHTML;
if (cls && ((cl
[HKEY_CURRENT_USER\Software\Yahoo]
[HKEY_CURRENT_USER\Software\Yahoo]
"ClientUpdatePage"="http://update.messenger.yahoo.com/msgrcli115.html"
[HKEY_CURRENT_USER\Software\Yahoo\Companion]
"slock"="geocities.yahoo.com,360.yahoo.com,store.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"PreLogin"="http://msg.edit.yahoo.com/config/"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Http Server"="shttp.msg.yahoo.com/notify/"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Relay Server"="relay.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Yahoo! User ID"="jakelandon30"
[HKEY_CURRENT_USER\Software\Yahoo\pager\defaults]
"VIP"="vcs1.msg.yahoo.com,vcs2.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager\defaults]
"HttpVIP"="httpvcs1.msg.yahoo.com,httpvcs2.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager\profiles\jakelandon30]
"pref"="Yahoo! Updates"
[HKEY_CURRENT_USER\Software\Yahoo\pager\profiles\Skins]
"Default_SkinDir"="C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default"
[HKEY_CURRENT_USER\Software\Yahoo\pager\Ymsgip]
"Facebook Learn More"="http://help.yahoo.com/l/us/yahoo/messenger/messenger11/connectednetworks/ms11fbchat.html"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"First Login Beacon"="http://pclick.internal.yahoo.com/p/s=97416787/lng=us/rand=%d"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Product Overview"="http://messenger.yahoo.com/overview.php"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Plug-in Gallery"="http://messenger.yahoo.com/external/plugins/gallery.php"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Send Feedback"="http://feedback.help.yahoo.com/feedback.php?.src=MSNGR10&.from=client"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Import Contacts"="https://invite.msg.yahoo.com/go/trueswitch/embed"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"New User Wizard"="https://invite.msg.yahoo.com/go/trueswitch/intro"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ft60.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\ProgID]
@="Yahoo.AudioConf.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\VersionIndependentProgID]
@="Yahoo.AudioConf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF98F64-474B-416F-A5B8-B593F8B44D24}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF98F64-474B-416F-A5B8-B593F8B44D24}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.AudioUI1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.AudioUI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85E8A802-0A46-46A9-AE70-41AC2A01FED2}\InProcServer32]
@="C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\LocalServer32]
@="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.VuMeter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.VuMeter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.AudioSlider.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.AudioSlider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B323CCC-50E3-11D3-9466-00A0C9700498}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2C5D34C5-99DE-4F84-95BE-2F18DC3BE4AB}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}\1.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D1E9C3C-BD6A-11D3-87A8-009027A35D73}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A5EC81C-23AD-4192-82C1-298B2058C444}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ft60.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D392231-AE8E-11D4-8FD3-00D0B7730277}\1.0]
@="Yahoo! Webcam Viewer 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D392231-AE8E-11D4-8FD3-00D0B7730277}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B2865C5C-9F6D-4D28-B600-0BD6E15952C1}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6B279A3-D11F-41FB-9EA7-233B2938A7DC}\1.0]
@="Yahoo! Messenger TypeLib"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6B279A3-D11F-41FB-9EA7-233B2938A7DC}\1.0\0\win32]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCE2F8A1-A520-11D4-8FD0-00D0B7730277}\1.0]
@="Yahoo! Webcam Upload 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCE2F8A1-A520-11D4-8FD0-00D0B7730277}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D12C41-7B4F-11D3-B5C9-0050045C3C96}\1.0\0\win32]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf\CurVer]
@="Yahoo.AudioConf.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf.1]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider\CurVer]
@="Yahoo.AudioSlider.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider.1]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1\CurVer]
@="Yahoo.Audio UI1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1.1]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger\CurVer]
@="Yahoo.Messenger.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer]
@="Yahoo.MessengerCompanionControl.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter\CurVer]
@="Yahoo.VuMeter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter.1]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ymsgr\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ymsgrj\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YPager.Messenger\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YPager.Messenger.1\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YTHelper]
@="&Yahoo! Toolbar Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YTHelper.2]
@="&Yahoo! Toolbar Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YToolbarBand]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YToolbarBand.1]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcUpl.WcUpload]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcUpl.WcUpload.1]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcVwr.WcViewer]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcVwr.WcViewer.1]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger]
@="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\Protocols\callto\DefaultIcon]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\Protocols\callto\shell\open\command]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe ymsgr:callto? %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\shell\open\command]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe ymsgr:callto? %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
"Name"="YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name"="YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}]
"AppPath"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://http://www.yahoo.com/?ilc=8.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://http://www.yahoo.com/?ilc=8.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"UninstallString"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"DisplayName"="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"DisplayIcon"="C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll,-5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"InstallLocation"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"Publisher"="Yahoo! Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"DisplayName"="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"UninstallString"="C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"Publisher"="Yahoo! Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"DisplayIcon"="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe,-0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
"UninstallString"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"="Yahoo Messenger State Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Path"="C:\Program Files\Yahoo!\Shared\npYState.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Product"="Yahoo Messenger State Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Vendor"="Yahoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\MimeTypes\application/x-vnd.yahoo.messenger.state]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"Apptitle"="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"yid"="C:\PROGRA~1\Yahoo!"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"UninstallerPath"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"InstallPath"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\127]
"Filename"="C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\127]
"DeviceName"="C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\92]
"Filename"="C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\92]
"DeviceName"="C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\95]
"Filename"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\95]
"DeviceName"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\.DEFAULT\Software\Sygate Technologies, Inc.\Sygate Personal Firewall]
"email"="removed"
[HKEY_USERS\.DEFAULT\Software\Yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_chrome_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_ff_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_ie_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651}]
"AppPath"="C:\PROGRA~1\Yahoo!\companion\installs\cpn"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.vn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA332C~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.uk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.tw"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5B10~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAE7E0~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA1710~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ph"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.nz"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADF2D~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.my"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6FF7~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.mx"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FF3~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.kr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ybb.ne.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOJ~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADFFA~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD7DA~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.hk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA2BEF~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.cn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA37DB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD705~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.br"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA43DB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.au"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FC7~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ar"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA4FCB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6788~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"e"="YAHOOM~1.EXE"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Yahoo! Messenger]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"="Yahoo! Toolbar Uninstall Setup"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\"="{ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d}"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\shadow\"="{1e56432f-6b81-407c-a9c1-ca0da0f7a1ed}"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Me]
"C:\Documents and Settings\Torreon\Contacts\removed\"="/DBINST:"ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d" /DBROW:"0a499b1c-000c-adb6-11e0-84d3b47add1a""
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|google.com|google.com/accounts|login.live.com|mail.google.com|mail.yahoo.com|www.google.com|www.google.com/accounts|yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"daily_code"="scIsOnSearchEngineDomain = function() {
return contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPageDomain, '.yahoo.') || contains(scCurrentPageDomain, '.bing.') || contains(scCurrentPageDomain, 'localhost');
};

scSetupSearchLinks = function() {
var href = window.location.href;
if ((window.location.protocol === 'https:') || scIsOnSearchEngineDomain() || contains(scCurrentPageDomain, 'mail.') || contains(scCurrentPageDomain, 'calendar.') || endsWith(href, '.txt') || endsWith(href, '.xml')) {
return;
}

var terms = ['airline', 'apparel', 'bipolar', 'blu-ray', 'camcorder', 'camera', 'clothes', 'clothing', 'cosmetic', 'coupon', 'depression', 'dvd', 'electronics', 'erectile dysfunction', 'flight', 'footwear', 'fragrance', 'games', 'gaming system', 'halo', 'hdtv', 'home theater', 'imac', 'insomnia', 'ipad', 'iphone', 'ipod', 'jailbreak', 'jeans', 'ki
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"hourly_code2"="scEnableGoogle_hourly = function() {
var args = window.location.search;
var path = window.location.pathname;
return (getAffectGoogle() && contains(scCurrentPageDomain, '.google.') && contains(scCurrentPageDomain, 'www') && ((path === '/') || (path === '/search')) && !contains(args, 'define%3A') && !contains(args, '&swm=2'));
};

scEnableYahoo_hourly = function() {
return getAffectYahoo() && contains(scCurrentPageDomain, 'search.yahoo.com') && !contains(scCurrentPageDomain, 'video.search.') && !contains(scCurrentPageDomain, 'images.search.') && !contains(scCurrentPageDomain, 'news.search.');
};

scEnableBing_hourly = function() {
return getAffectBing() && contains(scCurrentPageDomain, 'bing.com') && (window.location.pathname === '/search');
};

scGetSearchStringFromGoogleSerp_hourly = function() {
var aTags = scGetDocument().getElementsByTagName('a');
var i;
for (i = 0; i < aTags.length; i++) {
var aTag =
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"hourly_code"="scGetDocument = function() {
return scIsFF ? content.document : document;
};

scExtractUrlFromSpanTag = function(spanTag) {
var url = null;

if (spanTag) {
url = removeSimpleHtmlTags(spanTag.innerHTML, false);

var endPos = url.indexOf(' - ');
if (endPos > 0) {
url = url.substring(0, endPos);
}
}

return url;
};

scExtractHrefFromATag = function(aTag) {
var url;

var href = aTag.getAttribute('href');
if (href) {
url = unescape(href);

if (startsWith(url, 'url')) {
var pos = url.indexOf('href');
if (pos > -1) {
url = url.substring(pos);
}
}

if (startsWith(url, 'http://')) {
url = url.substring(7);
} else if (startsWith(url, 'https://')) {
url = url.substring(8);
}
url = url.replace(/.*:\/\//, '');
}

return url;
};

scGetSRNodes_google = function() {
var nodes = [];

var tags = scGetDocument().getElementsByTagName('li');
var i;
for (i = 0; i < tags.length; i++) {
var tag = tags[i];
var cls = tag.className;
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo]
"ClientUpdatePage"="http://update.messenger.yahoo.com/msgrcli115.html"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\Companion]
"slock"="geocities.yahoo.com,360.yahoo.com,store.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"PreLogin"="http://msg.edit.yahoo.com/config/"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Http Server"="shttp.msg.yahoo.com/notify/"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Relay Server"="relay.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Yahoo! User ID"="jakelandon30"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\defaults]
"VIP"="vcs1.msg.yahoo.com,vcs2.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\defaults]
"HttpVIP"="httpvcs1.msg.yahoo.com,httpvcs2.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\profiles\jakelandon30]
"pref"="Yahoo! Updates"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\profiles\Skins]
"Default_SkinDir"="C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\Ymsgip]
"Facebook Learn More"="http://help.yahoo.com/l/us/yahoo/messenger/messenger11/connectednetworks/ms11fbchat.html"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"First Login Beacon"="http://pclick.internal.yahoo.com/p/s=97416787/lng=us/rand=%d"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Product Overview"="http://messenger.yahoo.com/overview.php"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Plug-in Gallery"="http://messenger.yahoo.com/external/plugins/gallery.php"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Send Feedback"="http://feedback.help.yahoo.com/feedback.php?.src=MSNGR10&.from=client"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Import Contacts"="https://invite.msg.yahoo.com/go/trueswitch/embed"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"New User Wizard"="https://invite.msg.yahoo.com/go/trueswitch/intro"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006_Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006_Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Sygate Technologies, Inc.\Sygate Personal Firewall]
"email"="removed"
[HKEY_USERS\S-1-5-18\Software\Yahoo]

Searching for "au_"
[HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="au_.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"Filename"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"DeviceName"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="au_.exe"

-= EOF =-

Edited by Orange Blossom, 30 September 2012 - 10:44 PM.
Removed sensitive info. ~ OB


#12 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 04 August 2012 - 05:15 PM

Hi

We will upgade ccleaner the the latest version first, then use it for removing temporary files. Followed by another scan by systemlook to see what the status is after that:

:step1:
Please download the latest version of ccleaner from link to your desktop
Double click on the ccleaner installer and allow it to install the latest version (uninstall the current version if prompted).


:step2:
Make sure all browsers are closed. (eg exit Firefox, Internet explorer.. )


:step3:
1) Start ccleaner
2) On left pane, select the Cleaner tab
3) Make sure that the following are checked under Windows:

Internet explorer

Temporary internet files

System
Temporary files

Advanced
Old prefetch data

4) Make sure that the following are checked under Applications:

Firefox / Mozilla
Internet cache

5) Click the button on the bottom called Run Cleaner

6) Exit ccleaner


:step4:
  • Double-click SystemLook.exe (on your desktop) to run it.
  • Copy the content of the following codebox into the main text field:

    :filefind
    *yahoo*
    *au_*
    
    :folderfind
    *yahoo*  
    
    :regfind
    yahoo
    au_
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

:step5:
Are you still experiencing the problem with au_.exe and yahoo?

Edited by dev00790, 04 August 2012 - 05:18 PM.

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#13 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 04 August 2012 - 05:16 PM

Note - I have edited the above post

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog


#14 copycat

copycat
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:02:35 PM

Posted 10 August 2012 - 06:06 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 17:52 on 05/08/2012 by Torreon
Administrator - Elevation successful

========== filefind ==========

Searching for "*yahoo*"
C:\Documents and Settings\All Users\Desktop\Yahoo! Messenger.lnk --a---- 802 bytes [04:41 14/06/2012] [04:41 14/06/2012] 13FCF63EAFAD5F05D84F171C2CCF793D
C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger\Yahoo! Messenger.lnk --a---- 814 bytes [04:41 14/06/2012] [04:41 14/06/2012] A7A0A0E5633D0C788F034DAABA84F5C0
C:\Documents and Settings\Torreon\Application Data\Microsoft\Internet Explorer\Quick Launch\Yahoo! Messenger.lnk --a---- 820 bytes [04:41 14/06/2012] [04:41 14/06/2012] 3DB2342696C1E64DE8E1391C79B7DBBB
C:\Documents and Settings\Torreon\Cookies\torreon@yahoo[1].txt --a---- 368 bytes [16:00 04/06/2011] [16:00 04/06/2011] 98D346AEF3BB37D5466A812E5058F82B
C:\Documents and Settings\Torreon\Cookies\torreon@yahoo[3].txt --a---- 83 bytes [17:10 05/06/2011] [17:10 05/06/2011] D0803901B45BEDB4B02A98E4C6FA1997
C:\Documents and Settings\Torreon\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_3cp9lcoq32dpn-c.c.yom.mail.yahoo.com_0.localstorage-journal --a---- 3608 bytes [13:24 03/08/2012] [22:50 05/08/2012] CEC40C0344DAA8CC8CF3D81521EBE190
C:\Program Files\Java\jdk1.5.0_22\demo\applets\TicTacToe\audio\yahoo1.au --a---- 7834 bytes [01:37 24/05/2012] [01:37 24/05/2012] 06AF4F84ACFACC05AB810BED1964BCCD
C:\Program Files\Java\jdk1.5.0_22\demo\applets\TicTacToe\audio\yahoo2.au --a---- 7463 bytes [01:37 24/05/2012] [01:37 24/05/2012] EA586C7252A4172E6206EFA49BE0C055
C:\Program Files\Java\jdk1.5.0_22\demo\plugin\applets\TicTacToe\audio\yahoo1.au --a---- 7834 bytes [01:37 24/05/2012] [01:37 24/05/2012] 06AF4F84ACFACC05AB810BED1964BCCD
C:\Program Files\Java\jdk1.5.0_22\demo\plugin\applets\TicTacToe\audio\yahoo2.au --a---- 7463 bytes [01:37 24/05/2012] [01:37 24/05/2012] EA586C7252A4172E6206EFA49BE0C055
C:\Program Files\Mozilla Firefox 4.0 Beta 1\searchplugins\yahoo.xml --a---- 1096 bytes [18:41 07/06/2012] [18:41 07/06/2012] FDE8CE648EB1FCE524978664612B939A
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe --a---- 6595928 bytes [04:41 14/06/2012] [09:25 25/05/2012] 127CD00925C1A2B759765C5B9600DE30
C:\Program Files\Yahoo!\Messenger\Media\RingTones\Yahoo_ring_03.rtl --a---- 67 bytes [04:40 14/06/2012] [05:36 16/02/2012] 797D905BCB498775F4C0AF97ECEA4115
C:\Program Files\Yahoo!\Messenger\Media\RingTones\Yahoo_ring_03.wav --a---- 87478 bytes [04:40 14/06/2012] [05:36 16/02/2012] 97014903D78EE22DB653DDC4E760E5B6
C:\Program Files\Yahoo!\Messenger\skins\Default\images\icn-sharebox-yahoo.png --a---- 3568 bytes [04:41 14/06/2012] [05:35 16/02/2012] C19AF767636C2B800EE91118963CE44F
C:\Program Files\Yahoo!\Messenger\skins\Default\theme\Yahoo!_Messenger.png --a---- 3962 bytes [04:41 14/06/2012] [05:35 16/02/2012] EC473574C1D5A4B1C58ABAFD3AAB8897
C:\Program Files\Yahoo!\Messenger\skins\Default\theme\Yahoo!_Messenger_aero.png --a---- 4257 bytes [04:41 14/06/2012] [05:35 16/02/2012] 74144A3619F183952956920A2D3A1547
C:\WINDOWS\Prefetch\YAHOOMESSENGER.EXE-06E29CD9.pf --a---- 52692 bytes [23:44 28/07/2012] [23:45 28/07/2012] 4F5B5C2954B4C85F30B4563A30C0DAAC

Searching for "*au_*"
C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll --a---- 36352 bytes [00:05 17/03/2012] [00:05 17/03/2012] 01119A5AFD6E0B78E2E897C633DE2AF9
C:\WINDOWS\Prefetch\AU_.EXE-2F72D323.pf --a---- 14378 bytes [01:23 29/07/2012] [13:28 03/08/2012] 4715C626347E394F7E97A1B4F947B04E
C:\WINDOWS\ServicePackFiles\i386\au_plcy.htm ------- 5443 bytes [00:45 18/03/2009] [04:03 04/08/2004] C31221D18CA3D15E685CC352178098AF
C:\WINDOWS\system32\oobe\setup\au_plcy.htm --a---- 13568 bytes [00:45 18/03/2009] [01:17 18/03/2009] 715BE7D6AED8CC1DDE300C52335D75DB

========== folderfind ==========

Searching for "*yahoo* "
C:\Documents and Settings\All Users\Application Data\Yahoo! d------ [02:13 23/07/2011]
C:\Documents and Settings\All Users\Application Data\Yahoo! Companion d------ [04:42 14/06/2012]
C:\Documents and Settings\All Users\Start Menu\Programs\Yahoo! Messenger d------ [04:41 14/06/2012]
C:\Documents and Settings\Torreon\Application Data\Yahoo! d------ [02:13 23/07/2011]
C:\Documents and Settings\Torreon\Local Settings\Application Data\Microsoft\Messenger\removed d------ [00:29 23/05/2011]
C:\Program Files\Yahoo! d------ [16:59 22/11/2011]

========== regfind ==========

Searching for "yahoo"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_chrome_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_ff_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Genieo]
"is_homepage_ie_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651}]
"AppPath"="C:\PROGRA~1\Yahoo!\companion\installs\cpn"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.vn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA332C~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.uk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.tw"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5B10~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAE7E0~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA1710~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ph"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.nz"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADF2D~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.my"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6FF7~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.mx"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FF3~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.kr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ybb.ne.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOJ~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADFFA~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD7DA~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.hk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA2BEF~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.cn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA37DB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD705~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.br"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA43DB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.au"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FC7~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ar"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA4FCB~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6788~1.XML"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"e"="YAHOOM~1.EXE"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Yahoo! Messenger]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"="Yahoo! Toolbar Uninstall Setup"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\"="{ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\shadow\"="{1e56432f-6b81-407c-a9c1-ca0da0f7a1ed}"
[HKEY_CURRENT_USER\Software\Microsoft\Windows Live Contacts\Me]
"C:\Documents and Settings\Torreon\Contacts\removed\"="/DBINST:"ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d" /DBROW:"0a499b1c-000c-adb6-11e0-84d3b47add1a""
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|google.com|google.com/accounts|login.live.com|mail.google.com|mail.yahoo.com|www.google.com|www.google.com/accounts|yahoo.com"
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"daily_code"="scIsOnSearchEngineDomain = function() {
return contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPageDomain, '.yahoo.') || contains(scCurrentPageDomain, '.bing.') || contains(scCurrentPageDomain, 'localhost');
};

scSetupSearchLinks = function() {
var href = window.location.href;
if ((window.location.protocol === 'https:') || scIsOnSearchEngineDomain() || contains(scCurrentPageDomain, 'mail.') || contains(scCurrentPageDomain, 'calendar.') || endsWith(href, '.txt') || endsWith(href, '.xml')) {
return;
}

var terms = ['airline', 'apparel', 'bipolar', 'blu-ray', 'camcorder', 'camera', 'clothes', 'clothing', 'cosmetic', 'coupon', 'depression', 'dvd', 'electronics', 'erectile dysfunction', 'flight', 'footwear', 'fragrance', 'games', 'gaming system', 'halo', 'hdtv', 'home theater', 'imac', 'insomnia', 'ipad', 'iphone', 'ipod', 'jailbreak', 'jeans', 'kindle', 'kinect', 'laptop', 'lenovo', 'l
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"hourly_code2"="scEnableGoogle_hourly = function() {
var args = window.location.search;
var path = window.location.pathname;
return (getAffectGoogle() && contains(scCurrentPageDomain, '.google.') && contains(scCurrentPageDomain, 'www') && ((path === '/') || (path === '/search')) && !contains(args, 'define%3A') && !contains(args, '&swm=2'));
};

scEnableYahoo_hourly = function() {
return getAffectYahoo() && contains(scCurrentPageDomain, 'search.yahoo.com') && !contains(scCurrentPageDomain, 'video.search.') && !contains(scCurrentPageDomain, 'images.search.') && !contains(scCurrentPageDomain, 'news.search.');
};

scEnableBing_hourly = function() {
return getAffectBing() && contains(scCurrentPageDomain, 'bing.com') && (window.location.pathname === '/search');
};

scGetSearchStringFromGoogleSerp_hourly = function() {
var aTags = scGetDocument().getElementsByTagName('a');
var i;
for (i = 0; i < aTags.length; i++) {
var aTag = aTags[i];
var href = aTag.href;
if ((co
[HKEY_CURRENT_USER\Software\Surf Canyon\Settings]
"hourly_code"="scGetDocument = function() {
return scIsFF ? content.document : document;
};

scExtractUrlFromSpanTag = function(spanTag) {
var url = null;

if (spanTag) {
url = removeSimpleHtmlTags(spanTag.innerHTML, false);

var endPos = url.indexOf(' - ');
if (endPos > 0) {
url = url.substring(0, endPos);
}
}

return url;
};

scExtractHrefFromATag = function(aTag) {
var url;

var href = aTag.getAttribute('href');
if (href) {
url = unescape(href);

if (startsWith(url, 'url')) {
var pos = url.indexOf('href');
if (pos > -1) {
url = url.substring(pos);
}
}

if (startsWith(url, 'http://')) {
url = url.substring(7);
} else if (startsWith(url, 'https://')) {
url = url.substring(8);
}
url = url.replace(/.*:\/\//, '');
}

return url;
};

scGetSRNodes_google = function() {
var nodes = [];

var tags = scGetDocument().getElementsByTagName('li');
var i;
for (i = 0; i < tags.length; i++) {
var tag = tags[i];
var cls = tag.className;
var h = tag.innerHTML;
if (cls && ((cl
[HKEY_CURRENT_USER\Software\Yahoo]
[HKEY_CURRENT_USER\Software\Yahoo]
"ClientUpdatePage"="http://update.messenger.yahoo.com/msgrcli115.html"
[HKEY_CURRENT_USER\Software\Yahoo\Companion]
"slock"="geocities.yahoo.com,360.yahoo.com,store.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"PreLogin"="http://msg.edit.yahoo.com/config/"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Http Server"="shttp.msg.yahoo.com/notify/"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Relay Server"="relay.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager]
"Yahoo! User ID"="jakelandon30"
[HKEY_CURRENT_USER\Software\Yahoo\pager\defaults]
"VIP"="vcs1.msg.yahoo.com,vcs2.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager\defaults]
"HttpVIP"="httpvcs1.msg.yahoo.com,httpvcs2.msg.yahoo.com"
[HKEY_CURRENT_USER\Software\Yahoo\pager\profiles\jakelandon30]
"pref"="Yahoo! Updates"
[HKEY_CURRENT_USER\Software\Yahoo\pager\profiles\Skins]
"Default_SkinDir"="C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default"
[HKEY_CURRENT_USER\Software\Yahoo\pager\Ymsgip]
"Facebook Learn More"="http://help.yahoo.com/l/us/yahoo/messenger/messenger11/connectednetworks/ms11fbchat.html"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"First Login Beacon"="http://pclick.internal.yahoo.com/p/s=97416787/lng=us/rand=%d"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Product Overview"="http://messenger.yahoo.com/overview.php"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Plug-in Gallery"="http://messenger.yahoo.com/external/plugins/gallery.php"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Send Feedback"="http://feedback.help.yahoo.com/feedback.php?.src=MSNGR10&.from=client"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"Import Contacts"="https://invite.msg.yahoo.com/go/trueswitch/embed"
[HKEY_CURRENT_USER\Software\Yahoo\pager\YUrl]
"New User Wizard"="https://invite.msg.yahoo.com/go/trueswitch/intro"
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_CURRENT_USER\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}\InprocServer32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}\InprocServer32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E57256D-9F39-4267-AB39-D7813D644C5A}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24F3EAD6-8B87-4C1A-97DA-71C126BDA08F}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ft60.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\ProgID]
@="Yahoo.AudioConf.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2B323CD9-50E3-11D3-9466-00A0C9700498}\VersionIndependentProgID]
@="Yahoo.AudioConf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31371420-098D-4C0E-A11E-EBEC2305DD01}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3C16E079-E4C7-493C-BE9F-E0F2BB0B7430}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF98F64-474B-416F-A5B8-B593F8B44D24}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6FF98F64-474B-416F-A5B8-B593F8B44D24}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.AudioUI1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D1E9C49-BD6A-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.AudioUI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7DB8B625-DBF0-4491-B544-5A06F7B17BB4}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{85E8A802-0A46-46A9-AE70-41AC2A01FED2}\InProcServer32]
@="C:\Program Files\Yahoo!\Messenger\ypagerps.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E74A0AE-F0ED-47ED-A940-A8E99687646B}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D39223E-AE8E-11D4-8FD3-00D0B7730277}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9DE77B51-89F6-468E-9402-16050382E950}\LocalServer32]
@=""C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe""
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DA4F543C-C8A9-4E88-9A79-548CBB46F18F}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, 102"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DCE2F8B1-A520-11D4-8FD0-00D0B7730277}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}\LocalServer32]
@="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.VuMeter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EB54205E-BF1F-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.VuMeter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\InprocServer32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\ProgID]
@="Yahoo.AudioSlider.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\ToolboxBitmap32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll, 101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EC1831E0-C231-11D3-87A8-009027A35D73}\VersionIndependentProgID]
@="Yahoo.AudioSlider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}\5.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2B323CCC-50E3-11D3-9466-00A0C9700498}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\yacscom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{2C5D34C5-99DE-4F84-95BE-2F18DC3BE4AB}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\PhotoShare.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\ytbb.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}\1.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{7D1E9C3C-BD6A-11D3-87A8-009027A35D73}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\yacsui.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9A5EC81C-23AD-4192-82C1-298B2058C444}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ft60.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D392231-AE8E-11D4-8FD3-00D0B7730277}\1.0]
@="Yahoo! Webcam Viewer 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{9D392231-AE8E-11D4-8FD3-00D0B7730277}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ywcvwr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{B2865C5C-9F6D-4D28-B600-0BD6E15952C1}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6B279A3-D11F-41FB-9EA7-233B2938A7DC}\1.0]
@="Yahoo! Messenger TypeLib"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{C6B279A3-D11F-41FB-9EA7-233B2938A7DC}\1.0\0\win32]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe\2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCE2F8A1-A520-11D4-8FD0-00D0B7730277}\1.0]
@="Yahoo! Webcam Upload 1.0 Type Library"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DCE2F8A1-A520-11D4-8FD0-00D0B7730277}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Messenger\ywcupl.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{E5D12C41-7B4F-11D3-B5C9-0050045C3C96}\1.0\0\win32]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\0\win32]
@="C:\Program Files\Yahoo!\Companion\Installs\cpn1\visic_coupon.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{F6C2BABA-9E4C-425F-9AEC-24AB8F2B640D}\1.0\HELPDIR]
@="C:\PROGRA~1\Yahoo!\Companion\Installs\cpn0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf\CurVer]
@="Yahoo.AudioConf.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioConf.1]
@="Yahoo! Audio Conferencing"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider\CurVer]
@="Yahoo.AudioSlider.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioSlider.1]
@="Yahoo! Audio Slider"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1\CurVer]
@="Yahoo.Audio UI1.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.AudioUI1.1]
@="Yahoo! Audio UI1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger\CurVer]
@="Yahoo.Messenger.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.Messenger.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl\CurVer]
@="Yahoo.MessengerCompanionControl.5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.MessengerCompanionControl.5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter\CurVer]
@="Yahoo.VuMeter.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter.1]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Yahoo.VuMeter.1]
@="Yahoo! VU Meter"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ymsgr\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ymsgrj\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YPager.Messenger\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YPager.Messenger.1\shell\open\command]
@=""C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YTHelper]
@="&Yahoo! Toolbar Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YTHelper.2]
@="&Yahoo! Toolbar Helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YToolbarBand]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\yt.YToolbarBand.1]
@="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcUpl.WcUpload]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcUpl.WcUpload.1]
@="Yahoo! Webcam Upload"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcVwr.WcViewer]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\YWcVwr.WcViewer.1]
@="Yahoo! Webcam Viewer"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger]
@="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\Protocols\callto\DefaultIcon]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\Protocols\callto\shell\open\command]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe ymsgr:callto? %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Internet Call\Yahoo! Messenger\shell\open\command]
@="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe ymsgr:callto? %1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}]
"ComponentID"="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EFC0651C-B6D7-49CD-A6E0-B1CE9AB5FE46}]
"AppPath"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://http://www.yahoo.com/?ilc=8.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://http://www.yahoo.com/?ilc=8.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"UninstallString"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"DisplayName"="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"DisplayIcon"="C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll,-5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"InstallLocation"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion]
"Publisher"="Yahoo! Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"DisplayName"="Yahoo! Messenger"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"UninstallString"="C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"Publisher"="Yahoo! Inc."
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger]
"DisplayIcon"="C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe,-0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar]
"UninstallString"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"="Yahoo Messenger State Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Path"="C:\Program Files\Yahoo!\Shared\npYState.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Product"="Yahoo Messenger State Plugin"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Vendor"="Yahoo"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6\MimeTypes\application/x-vnd.yahoo.messenger.state]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo]
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"Apptitle"="Yahoo! Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"yid"="C:\PROGRA~1\Yahoo!"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"UninstallerPath"="C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Yahoo\Companion]
"InstallPath"="C:\Program Files\Yahoo!\Companion\Installs\cpn1"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\127]
"Filename"="C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\127]
"DeviceName"="C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\92]
"Filename"="C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\92]
"DeviceName"="C:\Documents and Settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\95]
"Filename"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\95]
"DeviceName"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\.DEFAULT\Software\Sygate Technologies, Inc.\Sygate Personal Firewall]
"email"="removed"
[HKEY_USERS\.DEFAULT\Software\Yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\escdomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_chrome_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_ff_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Genieo]
"is_homepage_ie_url"="http://yahoo.genieo.com/?v=w3i3"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8E66592B-8E7C-4A14-88A5-8BF21032F651}]
"AppPath"="C:\PROGRA~1\Yahoo!\companion\installs\cpn"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.vn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA332C~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.uk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~2.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.tw"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5B10~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.th"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAE7E0~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.sg"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA1710~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.se"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOS~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.pl"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOP~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ph"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~3.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.nz"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADF2D~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.no"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOON~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.my"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6FF7~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.mx"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FF3~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.kr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~4.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"ybb.ne.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOJ~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.it"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.in"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YADFFA~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ie"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOI~2.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.id"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD7DA~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.hk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA2BEF~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.fr"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOF~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.es"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOE~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.dk"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOH~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.de"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOD~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.cn"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA37DB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.co.jp"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAD705~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.ca"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YAHOOC~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.br"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA43DB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.au"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA5FC7~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com.ar"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA4FCB~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Office\12.0\Outlook\AutoDiscover]
"yahoo.com"="C:\PROGRA~1\MICROS~3\Office12\OUTLOO~1\YA6788~1.XML"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\OpenWithList]
"e"="YAHOOM~1.EXE"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Yahoo! Messenger]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE"="Yahoo! Toolbar Uninstall Setup"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\"="{ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d}"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Database]
"C:\Documents and Settings\Torreon\Contacts\removed\shadow\"="{1e56432f-6b81-407c-a9c1-ca0da0f7a1ed}"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Microsoft\Windows Live Contacts\Me]
"C:\Documents and Settings\Torreon\Contacts\removed\"="/DBINST:"ea8a7a5e-db55-4b7c-a1b3-280b3a83da3d" /DBROW:"0a499b1c-000c-adb6-11e0-84d3b47add1a""
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|google.com|google.com/accounts|login.live.com|mail.google.com|mail.yahoo.com|www.google.com|www.google.com/accounts|yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"daily_code"="scIsOnSearchEngineDomain = function() {
return contains(scCurrentPageDomain, '.surfcanyon.') || contains(scCurrentPageDomain, '.google.') || contains(scCurrentPageDomain, '.yahoo.') || contains(scCurrentPageDomain, '.bing.') || contains(scCurrentPageDomain, 'localhost');
};

scSetupSearchLinks = function() {
var href = window.location.href;
if ((window.location.protocol === 'https:') || scIsOnSearchEngineDomain() || contains(scCurrentPageDomain, 'mail.') || contains(scCurrentPageDomain, 'calendar.') || endsWith(href, '.txt') || endsWith(href, '.xml')) {
return;
}

var terms = ['airline', 'apparel', 'bipolar', 'blu-ray', 'camcorder', 'camera', 'clothes', 'clothing', 'cosmetic', 'coupon', 'depression', 'dvd', 'electronics', 'erectile dysfunction', 'flight', 'footwear', 'fragrance', 'games', 'gaming system', 'halo', 'hdtv', 'home theater', 'imac', 'insomnia', 'ipad', 'iphone', 'ipod', 'jailbreak', 'jeans', 'ki
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"hourly_code2"="scEnableGoogle_hourly = function() {
var args = window.location.search;
var path = window.location.pathname;
return (getAffectGoogle() && contains(scCurrentPageDomain, '.google.') && contains(scCurrentPageDomain, 'www') && ((path === '/') || (path === '/search')) && !contains(args, 'define%3A') && !contains(args, '&swm=2'));
};

scEnableYahoo_hourly = function() {
return getAffectYahoo() && contains(scCurrentPageDomain, 'search.yahoo.com') && !contains(scCurrentPageDomain, 'video.search.') && !contains(scCurrentPageDomain, 'images.search.') && !contains(scCurrentPageDomain, 'news.search.');
};

scEnableBing_hourly = function() {
return getAffectBing() && contains(scCurrentPageDomain, 'bing.com') && (window.location.pathname === '/search');
};

scGetSearchStringFromGoogleSerp_hourly = function() {
var aTags = scGetDocument().getElementsByTagName('a');
var i;
for (i = 0; i < aTags.length; i++) {
var aTag =
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Surf Canyon\Settings]
"hourly_code"="scGetDocument = function() {
return scIsFF ? content.document : document;
};

scExtractUrlFromSpanTag = function(spanTag) {
var url = null;

if (spanTag) {
url = removeSimpleHtmlTags(spanTag.innerHTML, false);

var endPos = url.indexOf(' - ');
if (endPos > 0) {
url = url.substring(0, endPos);
}
}

return url;
};

scExtractHrefFromATag = function(aTag) {
var url;

var href = aTag.getAttribute('href');
if (href) {
url = unescape(href);

if (startsWith(url, 'url')) {
var pos = url.indexOf('href');
if (pos > -1) {
url = url.substring(pos);
}
}

if (startsWith(url, 'http://')) {
url = url.substring(7);
} else if (startsWith(url, 'https://')) {
url = url.substring(8);
}
url = url.replace(/.*:\/\//, '');
}

return url;
};

scGetSRNodes_google = function() {
var nodes = [];

var tags = scGetDocument().getElementsByTagName('li');
var i;
for (i = 0; i < tags.length; i++) {
var tag = tags[i];
var cls = tag.className;
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo]
"ClientUpdatePage"="http://update.messenger.yahoo.com/msgrcli115.html"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\Companion]
"slock"="geocities.yahoo.com,360.yahoo.com,store.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"PreLogin"="http://msg.edit.yahoo.com/config/"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Http Server"="shttp.msg.yahoo.com/notify/"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Relay Server"="relay.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager]
"Yahoo! User ID"="jakelandon30"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\defaults]
"VIP"="vcs1.msg.yahoo.com,vcs2.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\defaults]
"HttpVIP"="httpvcs1.msg.yahoo.com,httpvcs2.msg.yahoo.com"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\profiles\jakelandon30]
"pref"="Yahoo! Updates"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\profiles\Skins]
"Default_SkinDir"="C:\PROGRA~1\Yahoo!\MESSEN~1\skins\Default"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\Ymsgip]
"Facebook Learn More"="http://help.yahoo.com/l/us/yahoo/messenger/messenger11/connectednetworks/ms11fbchat.html"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"First Login Beacon"="http://pclick.internal.yahoo.com/p/s=97416787/lng=us/rand=%d"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Product Overview"="http://messenger.yahoo.com/overview.php"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Plug-in Gallery"="http://messenger.yahoo.com/external/plugins/gallery.php"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Send Feedback"="http://feedback.help.yahoo.com/feedback.php?.src=MSNGR10&.from=client"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"Import Contacts"="https://invite.msg.yahoo.com/go/trueswitch/embed"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Yahoo\pager\YUrl]
"New User Wizard"="https://invite.msg.yahoo.com/go/trueswitch/intro"
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006\Software\Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006_Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1006_Classes\MIME\Database\Content Type\application/x-yahoo-browserplus_2.9.8]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-21-1715567821-1214440339-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\wwwyahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\downloadznow.net\yahoo]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\panet.org\yahoo]
[HKEY_USERS\S-1-5-18\Software\Sygate Technologies, Inc.\Sygate Personal Firewall]
"email"="removed"
[HKEY_USERS\S-1-5-18\Software\Yahoo]

Searching for "au_"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"Filename"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"DeviceName"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"

-= EOF =-

Yes, I still have the issue with au_.exe and yahoo toolbar.

Edited by Orange Blossom, 30 September 2012 - 10:47 PM.
Removed sensitive info. ~ OB


#15 dev00790

dev00790

    Bleeping Chocoholic


  • Members
  • 5,037 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:UK
  • Local time:07:35 PM

Posted 10 August 2012 - 06:58 PM

Hi

Please do the following next:

:step1:

Please uninstall Surf Canyon

Open Firefox and select "Tools" from the top menu.
Select "Add-ons", then select "Extensions", and then click the "uninstall" button next to Surf Canyon.
The browser extension will be removed the next time you restart Firefox.

- This is to see if this helps / solves the problem.


:step2:

Please uninstall Mozilla Firefox 4.0 Beta 1

This is since it is found below:

C:\Program Files\Mozilla Firefox 4.0 Beta 1\searchplugins\yahoo.xml --a---- 1096 bytes [18:41 07/06/2012] [18:41 07/06/2012] FDE8CE648EB1FCE524978664612B939A

This is very old software, and has numerous vulnerabilities which can expose your computer to becoming infected by malware.

You can do this via: Start > Control Panel > Add \ Remove Programs.
If it doesn't show here, then please let me know.


:step3:

The below says that a rule has been setup for the Au_.exe file in Comodo Firewall.

[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"Filename"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\COMODO\Firewall Pro\Configurations\2\Firewall\Policy\76]
"DeviceName"="C:\Documents and Settings\Torreon\Local Settings\Temp\~nsu.tmp\Au_.exe"

Did you allow this?


:step4:

  • Double-click SystemLook.exe (on your desktop) to run it.
  • Copy the content of the following codebox into the main text field:

    :filefind
    *yahoo*
    *au_*
    *firefox*
    *surf canyon*
    *surfcanyon*
    
    :folderfind
    *yahoo*
    *firefox*
    *surf canyon*
    *surfcanyon*
    
    :regfind
    yahoo
    au_
    firefox
    surf canyon
    surfcanyon
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt.


:step5:

How is the computer running now?

Regards, dev00790

---------------------------------------

Marge: "Homer, the plant called. They said if you don't show up tomorrow don't bother showing up on Monday." Homer: "Woo-hoo! Four-day weekend!"I do not reply to Private Messages (PMs) asking for assistance - please use the forums instead. If I have been helping you, and I have not replied to your latest post in 48 hours please send me a PM. My Blog





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users