Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Multiple infections ZeroAccess MBR.0 livesearchnow


  • This topic is locked This topic is locked
61 replies to this topic

#1 Icanhazrootkit

Icanhazrootkit

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 31 October 2012 - 12:27 PM

Attached File  additional logs.zip   8.7KB   4 downloads
LINK FROM

(TLDR version... dds.txt is posted below and attach.txt is zipped and attached.)

The system I'm using to write this is the simpler of the two and the other system will be exporting VM appliances to an NAS for several hours.

So, I'll post for this machine first and hopefully get the mouse working again so I can navigate a bit easier.

Both are XP-64, so, no GMEL log.

CD/DVD drives for both systems are crippled.
I attempted to boot from the original installation media on the other machine to repair files but windows was unable to find a valid partition... which is when I suspected that an MBR rootkit might be involved.
No CD/DVD emulators on this system
The other system has IsoMagic virtual CD/DVD installed and I may or may not be able to disable it... Function is just that problematic.
This this system is almost stable, the other has very limited function for what programs will run. Processes load but GUI's do not appear.
This system boots and shuts down. The other must be reset/crashed to reboot and will not load explorer unless explorer.exe is forced shut from taskman and then reopened manually.
This system boots normally. The other must be booted to safe mode for anything to work nearly as expected.

On this system I have managed to run a few tools including roguekiller. aswMBR, and TDSSkiller. TDSSkiller found a few bits and pieces, as did aswMBR (with MBR.dat saved and a copy made to the NAS system) but roguekiller found both zeroaccess and MBR.0 and successfully removed them. No such luck with the other system

Both have had Agnitum Outpost running for about two years with automatic updates every 4 hours.
The acs.exe service (Outpost) runs at boot on both, but the Op_Man taskbar icon will only load on this system.
On this system the Outpost control panel will load. On the other, it will not. Almost nothing will. Processes load but GUI's will not.
On this system, taskman works as expected and processes can be started or killed. On the other Some processes can be killed and some fail to shut.

On this system the audio driver and mouse driver both appear to be dead (not a hardware issue). On the other, the mouse and audio work fine.

What is surprising to me is that Oracle VirtualBox will run on t5he other system with the GUI appearing, and more surprising that it will do so in both normal and safe modes... It is currently running in safe mode offloading several virtual machine setups to the safety of a Linux based NAS system.

On this system I have managed to get AVG off and Comodo on. Avast and Malwarebytes report that they have expired while they have only just been installed. Comodo will not install on the other system because the installer will not run in either normal of safe modes.

I neglected to check that Java updated correctly on this machine and the update appears to have failed with version 7, so it is still stuck on v6update30. I will download the installers but will refrain from installing until told to.



________________________________________________________________________

dds.txt for System: Grace. Files for the other system will follow when it has completed backups and data exports.
________________________________________________________________________

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Grace at 10:41:16 on 2012-10-31
.
============== Running Processes ================
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\GeekBuddyRSP.exe" -controlservice -slave
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1261576035671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841} : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{A0EC9268-60C8-437F-AE89-6A2F43478B1A} : NameServer = 8.26.56.26,156.154.70.22
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\grace\application data\mozilla\firefox\profiles\3x52ewoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\grace\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - ExtSQL: 2012-10-29 22:54; wrc@avast.com; c:\progra~1\avasts~1\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2009-12-23 09:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R? Ambfilt;Ambfilt
R? ASWFilt;ASWFilt
R? aswFsBlk;aswFsBlk
R? MozillaMaintenance;Mozilla Maintenance Service
R? WinRM;Windows Remote Management (WS-Management)
S? acssrv;Agnitum Client Security Service
S? afw;Agnitum firewall driver
S? afwcore;afwcore
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? CLPSLauncher;COMODO LPS Launcher
S? cmdAgent;COMODO Internet Security Helper Service
S? cmderd;COMODO Internet Security Eradication Driver
S? cmdGuard;COMODO Internet Security Sandbox Driver
S? DragonUpdater;COMODO Dragon Update Service
S? ES lite Service;ES lite Service for program management.
S? GeekBuddyRSP;GeekBuddy Remote Screen Protocol
S? MBAMProtector;MBAMProtector
S? MBAMScheduler;MBAMScheduler
S? MBAMService;MBAMService
S? SandBox;SandBox
.
=============== File Associations ===============
.
FileExt: .ini: Applications\megamud.exe="c:\program files\megamud\megamud.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-10-31 08:31:53 -------- d-----w- c:\program files\common files\Comodo
2012-10-31 08:31:05 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-10-31 08:25:51 112833 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-10-31 08:19:01 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-10-31 08:18:57 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-10-31 08:18:50 -------- d-----w- c:\documents and settings\grace\local settings\application data\Comodo
2012-10-31 08:18:39 -------- d-----w- c:\program files\Comodo
2012-10-31 08:18:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-31 08:18:36 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-31 08:18:36 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-10-30 02:54:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 02:54:16 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 02:54:00 -------- d-----w- c:\program files\AVAST Software
2012-10-30 02:54:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-10-29 12:03:20 -------- d-----w- c:\documents and settings\grace\application data\Windows Search
2012-10-10 20:19:38 192000 ----a-w- c:\documents and settings\grace\qqxxeunwnsph.exe
2012-10-10 20:19:37 230912 ----a-w- c:\documents and settings\grace\rotnusbppjbnnex.exe
2012-10-10 05:05:00 365056 ----a-w- c:\documents and settings\grace\gbitpbfbosoe.exe
2012-10-05 22:39:48 366592 ----a-w- c:\documents and settings\grace\suysikkzmovytnkkzjpgpnmu.exe
2012-10-05 05:32:58 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 05:32:58 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 05:32:54 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-05 05:32:14 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-05 05:32:12 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-03 20:31:18 365056 ----a-w- c:\documents and settings\grace\mmrlcvceidfnhzzopycmabz.exe
.
==================== Find3M ====================
.
2012-10-31 08:38:11 17488 ----a-w- c:\windows\gdrv.sys
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 10:44:17.25 ===============


UPDATE:
_____________________________________________________

end of log for System: Grace

Beginning of logs for System: Myownlittleworld
______________________________________________________

defogger_disabled log
**********************
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:28 on 31/10/2012 (Wannabe)

Checking for autostart values...
HKCU\~\Run values retrieved.
Unable to open HKLM\~\Run key (5)
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
**********************

Defogger will also not run in normal mode. The process loads in taskman, but no dialog pops up.
From safe mode it runs producing the above log.
I do indeed have MagicDisk Isomagic CD/DVD virtual disk software installed, though there is no currently mounted media.
I do not know whether it unloads its driver when it is unmounted, but defogger does not appear to find it.


dds.com will not run in normal mode and in safe mode it runs with the error "The operating system is not supported."
dds.com apparently requires 32bit emulation not available in safe mode.

On system: Grace the logs requested are posted.
On system: myownlittleworld, I am unable to produce the dds log and the defogger log doesn't indicate that the virtual CD/DVD driver that should be loaded can be found. Curious.

I find it very odd that Oracle VirtualBox runs in both modes without apparent problems in either. Maybe there is a clue in that, I don't know.
From here I sit on my hands and wait till I get further instructions.

Attached Files


Edited by Icanhazrootkit, 01 November 2012 - 02:41 AM.


BC AdBot (Login to Remove)

 


#2 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 02 November 2012 - 07:47 PM

Hello, :)

I will be handling your topic, please give me some time to look over your logs, and I will return with your first set of instructions. Please make no further changes to your computer.

Best Regards,
oneof4.


#3 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 02 November 2012 - 08:17 PM

Greetings, Oneof4 and thanks very much.
No worries, take your time.
Haven't done anything since I figured that I needed help on this other than export some data I'd rather not lose.

Just a suggestion... This will probably be easier if we concentrate on Grace first. The mouse and audio don't work but it boots and shuts down correctly and getting the mouse working will make it much easier to use while fixing my-own-ltl-wrld which is a much sicker machine.

#4 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 03 November 2012 - 06:15 AM

:thumbup2:

Best Regards,
oneof4.


#5 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 05 November 2012 - 06:56 AM

Hello Icanhazrootkit, and :welcome: to the Virus/Trojan/Spyware/Malware Removal forum.

I am oneof4, and I am here to help you!

  • I ask that you refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received and do not proceed if you need clarification.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems please stop and tell me about it. When your computer is clean I will alert you of such. I will also provide you with detailed suggestions for prevention.
  • At the top right-center of the topic you will see a button called Watch Topic. If you click on this, another page will open. Please choose Immediate Notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • If after 5 days you have not replied to this topic, I will assume it has been abandoned, and I will close it.
  • I would also like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. :heart: Please be courteous and appreciative for the assistance provided!
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. Your computer fix will be based on the current condition of your computer! Any changes might delay my ability to help you.

==========

Yes, let's take care of the "Grace" machine first.

==========

One or more of the identified infections is a backdoor trojan. (ZeroAccess)

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you desire to continue with the attempted cleaning, please follow the next set of instructions.

==========

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Best Regards,
oneof4.


#6 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 November 2012 - 01:03 PM

I've messed this up on multiple levels, but I don't think the end result is horrible.

I made an assumption that since I ordered this machine with XP-64, that XP-64 is how it was equipped. Silly me, thinking I'd actually received what I paid for.

The TLDR version comes to this... I gave you information which is inaccurate and failed to provide the requested GMER log assuming that GMER would not run, because it can't run on the other system and because GMER doesn't run on 64-bit systems... So, I'm feeling a bit more like an idiot than when this all started, which just adds to the fail.

In addition to that, Comodo ran a scheduled scan Sunday and quarantined about 130 files, and things like the audio and mouse returned to working condition...

Since the partial information I'd given you was already inaccurate, I went ahead and uninstalled Java 6 and removed its residues manually and replacedd it with Java 7u9.
I uninstalled Flash 11.2 which may have been the point of access for the exploit in the first place.
I also uninstalled Malwarebytes and Avast both of which have been fooled into thinking they are expired and are pretty much useless or worse than useless.
Malwarebytes uninstalled gracefully... Avast has behaved much like Norton in requiring an additional uninstaller and doing a completely ineffective job of removal after being completely ineffective as an anti-virus. It has left crap everywhere including services which don't start. I'm completely disappointed.

I was trying to simplify things a bit by removing vulnerable and ineffective stuff that would add to logs unnecessarily. I was only partially successful.

On updating Java, Windows update and IE8 became functional, so I allowed it to pull updates. One was a hotfix for activex killbits and one was an update for .net platform 4.0... 5 additional updates which appeared after restart were also hotfixes for .net 4.0.

Yup... I did exactly what I was instructed not to do in changing/updating software, but it's my hope you'll understand that it was opportunistic rather than the product of impatience... I figure that I had already screwed this up from the outset by making an assumption and giving you the wrong info.

Hopefully I haven't caused you to facepalm yourself into unconsciousness.
If you're not hopelessly frustrated with me, let me start over... with less stupid this time.
I've supplied the information you requested for Grace in the first place and it may change your strategy.

Your concerns about the dangers of RATs are well met, but we do our banking by phone. The worst someone might be able to do is pay our light bill but I see very little possibility of that happening. This machine gets used mostly for email and facebook... My wife has already warned her friends not to follow any links apparently posted by her account.

The system: Grace currently displays two symptoms of being "not quite right."
The Java item is missing from Control Panel, and the Security tab is missing from file/folder properties.
The mouse works. Audio works. Windows update works (and I wasn't even aware it was broken before now).
It boots correctly and shuts cleanly.
Event logs record a few problems which occurred while booted into safemode to run the avast uninstaller, but most of these are not in evidence later in the event log after restart.

There is a curious error noted however that i8042prt "Could not set the keyboard typematic rate and delay." and "Could not set the keyboard indicator lights."


These logs are freshly run. As requested. the Attach log will be pasted inline rather than attached.
This is the information you should have received in the first place.
Comodo "Defense+" disabled
Outpost protection suspended.
No CD/DVD emulation softwares on this system.

__________________________________________
dds.txt log
__________________________________________

DDS (Ver_2012-10-19.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Grace at 11:43:49 on 2012-11-05
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1155 [GMT -5:00]
.
AV: COMODO Antivirus *Enabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Outpost Firewall Pro *Disabled*
.
============== Running Processes ================
.
C:\Program Files\Common Files\Comodo\launcher_service.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
C:\Program Files\Comodo\Dragon\dragon_updater.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe
C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Comodo\GeekBuddy\unit_manager.exe
C:\Program Files\Comodo\GeekBuddy\unit.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [OutpostFeedBack] "c:\program files\agnitum\outpost firewall pro\feedback.exe" /dump:os_startup
mRun: [OutpostMonitor] "c:\progra~1\agnitum\outpos~1\op_mon.exe" /tray /noservice
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [tvncontrol] "c:\program files\common files\comodo\tvnserver.exe" -controlservice -slave
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\docume~1\grace\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\startg~1.lnk - c:\program files\comodo\geekbuddy\launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {44627E97-789B-40d4-B5C2-58BD171129A1} - {A1A7E22D-1587-4230-8F16-081C68D21448}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
LSP: mswsock.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1352040242421
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1352041939140
TCP: NameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841} : DHCPNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{A0EC9268-60C8-437F-AE89-6A2F43478B1A} : NameServer = 8.26.56.26,156.154.70.22
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\grace\application data\mozilla\firefox\profiles\3x52ewoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\grace\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - ExtSQL: !HIDDEN! 2009-12-23 09:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation

foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-29 738504]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [2012-10-5 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2012-10-5 497952]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [2009-12-23 710824]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\agnitum\outpos~1\acs.exe [2009-12-23 2040144]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\common files\comodo\launcher_service.exe [2012-11-1 70352]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2012-10-5 1990464]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\comodo\dragon\dragon_updater.exe [2012-10-11 1853584]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-12-23 68136]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\common files\comodo\GeekBuddyRSP.exe [2012-10-31 1467088]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [2009-12-23 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [2009-12-23 267624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-23 1684736]
S3 ASWFilt;ASWFilt;c:\windows\system32\filt\ASWFilt.dll [2009-12-23 72352]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-7 115168]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18

753504]
.
=============== File Associations ===============
.
FileExt: .ini: Applications\megamud.exe="c:\program files\megamud\megamud.exe" "%1" [UserChoice]
.
=============== Created Last 30 ================
.
2012-11-04 16:09:20 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 15:16:48 -------- d-----w- c:\documents and settings\grace\local settings\application data\ApplicationHistory
2012-11-04 15:10:57 -------- d-----w- c:\program files\common files\Comodo
2012-10-31 08:31:05 -------- d-----w- c:\documents and settings\all users\application data\CPA_VA
2012-10-31 08:25:51 409424 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-10-31 08:19:01 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-10-31 08:18:57 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-10-31 08:18:50 -------- d-----w- c:\documents and settings\grace\local settings\application data\Comodo
2012-10-31 08:18:39 -------- d-----w- c:\program files\Comodo
2012-10-31 08:18:36 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-31 08:18:36 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-31 08:18:36 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-10-30 02:54:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 02:54:16 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 02:54:00 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2012-10-29 12:03:20 -------- d-----w- c:\documents and settings\grace\application data\Windows Search
2012-10-10 05:05:00 365056 ----a-w- c:\documents and settings\grace\gbitpbfbosoe.exe
.
==================== Find3M ====================
.
2012-11-05 16:35:21 17488 ----a-w- c:\windows\gdrv.sys
2012-10-05 22:39:49 366592 ----a-w- c:\documents and settings\grace\suysikkzmovytnkkzjpgpnmu.exe
2012-10-05 05:32:58 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 05:32:58 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 05:32:54 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-05 05:32:14 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-05 05:32:12 301264 ----a-w- c:\windows\system32\guard32.dll
2012-10-03 20:31:19 365056 ----a-w- c:\documents and settings\grace\mmrlcvceidfnhzzopycmabz.exe
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:09 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 11:46:20.35 ===============

_________________________________________
dds attach.txt
_________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 12/23/2009 7:49:56 AM
System Uptime: 11/5/2012 11:34:49 AM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H
Processor: AMD Athlon™ II X2 240 Processor | Socket M2 | 2812/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 117 GiB total, 105.121 GiB free.
D: is FIXED (NTFS) - 47 GiB total, 46.068 GiB free.
E: is FIXED (NTFS) - 10 GiB total, 0.328 GiB free.
F: is FIXED (NTFS) - 758 GiB total, 42.46 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\241DE35E46
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\241DE35E46
Service: NIC1394
.
==== System Restore Points ===================
.
RP1402: 11/5/2012 3:32:55 AM - post scan after MBR.0 removal.
RP1403: 11/5/2012 4:48:34 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
AMD Processor Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Localization All
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comodo Dragon
COMODO Internet Security
EasySaver B9.0904.1
Facebook Plug-In
GeekBuddy
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Java 7 Update 9
Java Auto Updater
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MMUD Explorer
Mozilla Firefox 16.0.2 (x86 en-US)
Mozilla Maintenance Service
OpenOffice.org 3.1
Outpost Firewall Pro 7.1
Quest Calculator
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Skins
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows Internet Explorer 8 (KB2632503)
Update for Windows Internet Explorer 8 (KB975364)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
.
==== Event Viewer Messages From Past Week ========
.
11/5/2012 7:26:11 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Aavmker4 AFD AmdPPM AswRdr

aswSnx aswSP aswTdi cmdGuard Fips IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss SandBox Tcpip
11/5/2012 7:26:11 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of

the following error: A device attached to the system is not functioning.
11/5/2012 7:26:11 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of

the following error: A device attached to the system is not functioning.
11/5/2012 7:26:11 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start

because of the following error: A device attached to the system is not functioning.
11/5/2012 7:26:11 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because

of the following error: A device attached to the system is not functioning.
11/5/2012 7:25:52 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server:

{1BE1F766-5536-11D1-B726-00C04FB926AF}
11/5/2012 7:22:21 AM, error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
11/4/2012 10:51:53 AM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module

could not be found.
11/4/2012 10:05:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007:

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656370).
11/4/2012 10:05:02 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80246007:

Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2656353).
10/31/2012 5:00:32 AM, error: atapi [9] - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
10/30/2012 12:24:58 AM, error: Service Control Manager [7031] - The avast! Antivirus service terminated unexpectedly. It has done this 1 time(s). The

following corrective action will be taken in 5000 milliseconds: Restart the service.
10/30/2012 10:51:31 AM, error: Service Control Manager [7000] - The aswFsBlk service failed to start due to the following error: The system cannot find the

file specified.
.
==== End Of File ===========================



I get an error message for length of posting so I'll have to post multiple times to get the logs all in here.

#7 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 05 November 2012 - 01:05 PM

_________________________________________
GMER.log
_________________________________________

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-05 11:28:23
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD10EADS-00L5B1 rev.01.01A01
Running: j17nd9e1.exe; Driver: C:\DOCUME~1\Grace\LOCALS~1\Temp\fxadapoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwAddBootEntry [0xA761B4C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)

ZwAdjustPrivilegesToken [0xA79307E4]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwAllocateVirtualMemory [0xA77B56E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwAssignProcessToJobObject [0xA761BEDE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwClose

[0xA765D7A1]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwConnectPort [0xA77B5980]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateEvent [0xA7626EEE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateEventPair [0xA7626F3A]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwCreateFile [0xA77B31B0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateIoCompletion [0xA76270BC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateKey [0xA765D155]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateMutant [0xA7626E5C]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwCreateProcess [0xA77B4AB0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwCreateProcessEx [0xA77B4BA0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateSection [0xA7626F7E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateSemaphore [0xA7626EA4]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwCreateSymbolicLinkObject [0xA77B3AB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateThread [0xA761C124]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwCreateTimer [0xA7627076]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDebugActiveProcess [0xA761C946]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteBootEntry [0xA761B510]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteKey [0xA765DE67]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDeleteValueKey [0xA765E11D]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwDuplicateObject [0xA7620108]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwEnumerateKey [0xA765DCD2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwEnumerateValueKey [0xA765DB3D]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwFsControlFile [0xA77B30C0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwLoadDriver [0xA761B178]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwMakeTemporaryObject [0xA77B39F0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwModifyBootEntry [0xA761B55E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwNotifyChangeKey [0xA762047A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwNotifyChangeMultipleKeys [0xA761D3AE]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenEvent [0xA7626F18]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenEventPair [0xA7626F5C]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwOpenFile

[0xA77B3640]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenIoCompletion [0xA76270E0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwOpenKey

[0xA765D4B1]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenMutant [0xA7626E82]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenProcess [0xA761FC46]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenSection [0xA7627000]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenSemaphore [0xA7626ECC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenThread [0xA761FEB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwOpenTimer [0xA762709A]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwProtectVirtualMemory [0xA77B58A0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software) ZwQueryKey

[0xA765D9B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)

ZwQueryMultipleValueKey [0xA79320E2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueryObject [0xA761D27A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueryValueKey [0xA765D80A]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwQueueApcThread [0xA761CDDC]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwRenameKey [0xA77B45B0]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwReplaceKey [0xA77B4270]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwRequestPort [0xA77B5C50]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwRequestWaitReplyPort [0xA77B5D20]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwRestoreKey [0xA765C7C8]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.) ZwSaveKey

[0xA77B4340]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwSaveKeyEx [0xA77B4410]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwSecureConnectPort [0xA77B5A70]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetBootEntryOrder [0xA761B5AC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetBootOptions [0xA761B5FA]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetContextThread [0xA761C7C6]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwSetInformationDebugObject [0xA77B6080]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwSetSecurityObject [0xA77B6180]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetSystemInformation [0xA761B202]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetSystemPowerState [0xA761B3B2]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSetValueKey [0xA765DF6E]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwShutdownSystem [0xA761B358]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSuspendProcess [0xA761CB00]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSuspendThread [0xA761CC5C]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwSystemDebugControl [0xA761B422]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwTerminateProcess [0xA761C4DC]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwTerminateThread [0xA761C63E]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwUnloadDriver [0xA77B4830]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwVdmControl [0xA761B648]
SSDT \??\C:\WINDOWS\system32\drivers\SandBox.sys (Host Protection Component/Agnitum Ltd.)

ZwWriteFile [0xA77B2FB0]
SSDT \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)

ZwWriteVirtualMemory [0xA761BF22]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C00 805044F8 2

Bytes [C2, B4]
.text ntkrnlpa.exe!ZwCallbackReturn + 2C68 80504560

16 Bytes [EE, 6E, 62, A7, 3A, 6F, 62, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CA4 8050459C 9

Bytes [7E, 6F, 62, A7, A4, 6E, 62, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2CAE 805045A6

10 Bytes [7B, A7, 24, C1, 61, A7, 76, ...]
.text ntkrnlpa.exe!ZwCallbackReturn + 2D98 80504690 2

Bytes [7A, 04] {JP 0x6}
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 5EC 805A64B0 4

Bytes CALL A761DA7F \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is

writeable [0xB5948000, 0x231B17, 0xE8000020]
.text win32k.sys!EngFreeUserMem + 674 BF80991D 5

Bytes JMP A79355FA \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngFreeUserMem + 35D0 BF80C879 5

Bytes JMP A7621982 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSurface + 45 BF813911 5

Bytes JMP A7935EA6 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!BRUSHOBJ_pvAllocRbrush + 11D3 BF81C57B 5

Bytes JMP A7620FEE \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngSetLastError + 79A8 BF8240EB 5

Bytes JMP A79344A4 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngCreateBitmap + F9C BF828A55 5

Bytes JMP A793573A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngCreateBitmap + 138F BF828E48 5

Bytes JMP A79341A0 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngUnmapFontFileFD + 2C50 BF8314A0 5

Bytes JMP A7621E04 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngUnmapFontFileFD + B687 BF839ED7 5

Bytes JMP A7935D60 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!FONTOBJ_pxoGetXform + 84ED BF851765 5

Bytes JMP A7934642 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!XLATEOBJ_iXlate + F17 BF85BC8A 5

Bytes JMP A7934E60 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!XLATEOBJ_iXlate + 3581 BF85E2F4 5

Bytes JMP A7620B64 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!XLATEOBJ_iXlate + 360C BF85E37F 5

Bytes JMP A7620E2A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 88 BF85F5F0 5

Bytes JMP A76205B6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreatePalette + 5457 BF8649BF 5

Bytes JMP A76219CC \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 35FB BF8731B9 5

Bytes JMP A7620C24 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetCurrentCodePage + 4138 BF873CF6 5

Bytes JMP A7620DE4 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngGetLastError + 1606 BF890DF1 5

Bytes JMP A7935C30 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngGradientFill + 26EE BF89439B 5

Bytes JMP A79359C6 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngStretchBltROP + 583 BF894E73 5

Bytes JMP A7621D62 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 3862 BF89C226 5

Bytes JMP A7620FD6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCopyBits + 4DF7 BF89D7BB 5

Bytes JMP A762077A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngTextOut + 59C7 BF8AAF16 5

Bytes JMP A7934330 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngEraseSurface + A9E8 BF8C1D00 5

Bytes JMP A762088A \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngFillPath + 1517 BF8CA191 5

Bytes JMP A793537A \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngFillPath + 1797 BF8CA411 5

Bytes JMP A7935B0C \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngDeleteSemaphore + 3B33 BF8EBDCC 5

Bytes JMP A76204B0 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngDeleteSemaphore + CB47 BF8F4DE0 5

Bytes JMP A7621006 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 1A2F BF9142F4 5

Bytes JMP A76206A6 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngCreateClip + 2603 BF914EC8 5

Bytes JMP A7935472 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
.text win32k.sys!EngCreateClip + 4F7C BF917841 5

Bytes JMP A7620F44 \SystemRoot\System32\Drivers\aswSnx.SYS (avast! Virtualization Driver/AVAST Software)
.text win32k.sys!EngPlgBlt + 1947 BF947973 5

Bytes JMP A7935886 \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO)
? C:\DOCUME~1\Grace\LOCALS~1\Temp\mbr.sys The system

cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[212] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[212] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[212] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[212] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[212] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0082D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0083BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0083B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00837F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0082D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00835070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00835C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5

Bytes JMP 005ECE00 C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe (Agnitum Outpost Service/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00833BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008344D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00838D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00838AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00839E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe[256] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00839D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 007FD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0080BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0080B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00807F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 007FD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00805070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00805C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00803BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008044D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00808D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00808AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00809E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00809D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\Dragon\dragon_updater.exe[336] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 00A0D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 00A1BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 00A1B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00A17F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 00A0D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00A15070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00A15C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00A13BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 00A144D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00A18D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00A18AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00A19E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00A19D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE[428] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtClose 7C90CFEE 3

Bytes JMP 0090D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtClose + 4 7C90CFF2 1

Byte [84]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 3

Bytes JMP 0091BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtReplyWaitReceivePort + 4 7C90DA92 1

Byte [84]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 3

Bytes JMP 0091B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!NtReplyWaitReceivePortEx + 4 7C90DAA2 1

Byte [84]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!LdrLoadDll 7C91632D 3

Bytes JMP 00917F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!LdrLoadDll + 4 7C916331 1

Byte [84]
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0090D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00915070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00915C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00913BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 009144D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00918D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00918AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00919E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00919D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\unsecapp.exe[456] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0078D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0079BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0079B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00797F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0078D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00795070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00795C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00798D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00798AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00799E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00799D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00793BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe[484] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 007944D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 007355F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 00735574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 007355A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 00735624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre7\bin\jqs.exe[528] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Documents and Settings\Grace\Desktop\combat files\GMER\j17nd9e1.exe[760] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 007CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 007DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 007DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 007D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 007CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 007D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 007D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] kernel32.dll!WriteFile 7C810E27 7

Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 007D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 007D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 007D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!GetPixel 77F1B74C 3

Bytes JMP 007D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!GetPixel + 4 77F1B750 1

Byte [88]
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!CreateDCA 77F1B7D2 3

Bytes JMP 007D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!CreateDCA + 4 77F1B7D6 1

Byte [88]
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!CreateDCW 77F1BE38 3

Bytes JMP 007D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\SearchIndexer.exe[884] GDI32.dll!CreateDCW + 4 77F1BE3C 1

Byte [88]
.text C:\WINDOWS\system32\csrss.exe[968] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 10001450 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\csrss.exe[968] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 100017F0 C:\WINDOWS\system32\cmdcsr.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\winlogon.exe[1028] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005ED120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005FBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005FB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005F7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005ED240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005F5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005F5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005F3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005F44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5

Bytes JMP 005EF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1084] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\services.exe[1084] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005F8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005F8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005F9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[1084] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005F9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lsass.exe[1096] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\lsass.exe[1096] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[1096] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0066D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0067BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0067B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00677F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0066D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00675070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00675C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00673BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 006744D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00678D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00678AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00679E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Comodo\launcher_service.exe[1268] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00679D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5

Bytes JMP 005CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1300] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1300] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 008FD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0090BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0090B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00907F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 008FD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00905070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00905C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00903BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 009044D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00908D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00908AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00909E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00909D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[1336] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1336] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1336] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\Explorer.EXE[1336] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5

Bytes JMP 005CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1396] rpcss.dll!WhichService 76A84234 8

Bytes JMP EDF0005C
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5

Bytes JMP 00534850 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] ntdll.dll!NtCreateFile 7C90D0AE 5

Bytes JMP 0054ECA0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1532] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] RPCRT4.dll!RpcServerRegisterIfEx 77E8CD53 5

Bytes JMP 005CF870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1572] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1572] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1572] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1720] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1720] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1856] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1856] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 003BD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 003CBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 003CB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 003C7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 003BD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 003C5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 003C5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 003C3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 003C44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 003C8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 003C8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 003C9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 003C9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\RTHDCPL.EXE[1868] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[1868] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[1868] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\RTHDCPL.EXE[1868] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\Ati2evxx.exe[1956] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0084D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0085BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0085B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00857F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0084D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00855070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00855C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00853BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008544D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00858D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00858AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00859E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00859D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[2004] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2004] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2004] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\spoolsv.exe[2004] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 003CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 003DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 003DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 003D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 003CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 003D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 003D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 00A055F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 00A05574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 00A055A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 00A05624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 003D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 003D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 003D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 003D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 003D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe[2056] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 003D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[2064] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 003CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 003DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 003DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00614B7C C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 003CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 003D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 003D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5

Bytes JMP 00614AB8 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 00C555F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 00C55574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!SetWindowsHookExW 7E42820F 5

Bytes JMP 00614B50 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!EnableWindow 7E429849 5

Bytes JMP 017F7A6C C:\PROGRA~1\Agnitum\OUTPOS~1\op_cmn.dll (Outpost Common Controls Library/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 00C555A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!SetWindowsHookExA 7E431211 5

Bytes JMP 00614B24 C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe (Outpost User Interface/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 00C55624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 003D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 003D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 003D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 003D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 003D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe[2076] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 003D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2084] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5

Bytes JMP 00780630 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2084] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 010355F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2084] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 01035574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2084] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 010355A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2084] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 01035624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 003CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 003DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 003DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 003D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 003CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 003D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 003D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 003D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 003D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 003D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 003D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 003D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 003D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[2092] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0087D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0088BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0088B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00887F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0087D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00885070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00885C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00883BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008844D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[2124] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[2124] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[2124] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\ctfmon.exe[2124] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00888D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00888AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00889E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\ctfmon.exe[2124] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00889D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] KERNEL32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] KERNEL32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[2132] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 003CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 003DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 003DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 003D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 003CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 003D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 003D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 003D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 003D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 003D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 003D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 003D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 003D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Windows Desktop Search\WindowsSearch.exe[2172] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0101D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0102BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0102B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 01027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0101D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 01025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 01025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 01028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 01028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 01029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 01029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 01023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.exe[2344] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 010244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 01A4D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 01A5BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 01A5B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 01A57F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 01A4D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 01A55070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 01A55C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 01A58D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 01A58AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 01A59E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 01A59D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 01A53BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\OpenOffice.org 3\program\soffice.bin[2360] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 01A544D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 00BDD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 00BEBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 00BEB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00BE7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 00BDD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00BE5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00BE5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00BE3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 00BE44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 00B755F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 00B75574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 00B755A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 00B75624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00BE8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00BE8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00BE9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit_manager.exe[2372] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00BE9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0085D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0086BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0086B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00867F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0085D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00865070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00865C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00863BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008644D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00868D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00868AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00869E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00869D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2456] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0085D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0086BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0086B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00867F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 0085D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00865070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00865C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00863BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 008644D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00868D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00868AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00869E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00869D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\system32\NOTEPAD.EXE[2824] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 1001D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 1002BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 1002B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 10027F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 1001D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] KERNEL32.dll!CreateProcessW 7C802336 5

Bytes JMP 10025070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] KERNEL32.dll!CreateProcessA 7C80236B 5

Bytes JMP 10025C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 10028D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 10028AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 10029E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 10029D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 10023BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3124] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 100244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 0091D120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 0092BCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 0092B9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 01515B00 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!LdrUnloadDll 7C9171CD 3

Bytes JMP 0091D240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ntdll.dll!LdrUnloadDll + 4 7C9171D1 1

Byte [84]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00925070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00925C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!lstrlenW + 43 7C809AEC 7

Bytes JMP 01757B58 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 1

Byte [E9]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7

Bytes JMP 01757B35 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] kernel32.dll!ValidateLocale + B130 7C844958 7

Bytes JMP 0151EF12 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00928D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] GDI32.dll!SetDIBitsToDevice + 20A 77F19E14 7

Bytes JMP 01757AB6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00928AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00929E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00929D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00923BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3520] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 009244D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 005CD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 005DBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 005DB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 005D7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 005CD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 005D5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 005D5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 100A55F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\alg.exe[3580] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 100A5574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\alg.exe[3580] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 100A55A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\alg.exe[3580] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 100A5624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\WINDOWS\System32\alg.exe[3580] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 005D8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 005D8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 005D9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 005D9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 005D3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[3580] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 005D44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ntdll.dll!NtClose 7C90CFEE 5

Bytes JMP 00BDD120 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5

Bytes JMP 00BEBCD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5

Bytes JMP 00BEB9B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ntdll.dll!LdrLoadDll 7C91632D 5

Bytes JMP 00BE7F40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ntdll.dll!LdrUnloadDll 7C9171CD 5

Bytes JMP 00BDD240 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] kernel32.dll!CreateProcessW 7C802336 5

Bytes JMP 00BE5070 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] kernel32.dll!CreateProcessA 7C80236B 5

Bytes JMP 00BE5C00 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5

Bytes JMP 00BE3BA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5

Bytes JMP 00BE44D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] USER32.dll!ChangeDisplaySettingsExA 7E42384E 5

Bytes JMP 00B855F8 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] USER32.dll!SetForegroundWindow 7E4242ED 5

Bytes JMP 00B85574 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] USER32.dll!SetWindowPos 7E4299F3 5

Bytes JMP 00B855A0 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 5

Bytes JMP 00B85624 c:\progra~1\agnitum\outpos~1\wl_hook.dll (Outpost Hooking Module/Agnitum Ltd.)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] GDI32.dll!DeleteDC 77F16E5F 5

Bytes JMP 00BE8D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] GDI32.dll!GetPixel 77F1B74C 5

Bytes JMP 00BE8AE0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] GDI32.dll!CreateDCA 77F1B7D2 5

Bytes JMP 00BE9E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Comodo\GeekBuddy\unit.exe[3732] GDI32.dll!CreateDCW 77F1BE38 5

Bytes JMP 00BE9D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip

afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Tcp

afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\Udp

afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\RawIp

afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)
Device \Driver\Tcpip \Device\IPMULTICAST

afwcore.sys (Agnitum Firewall Core Driver/Agnitum Ltd.)

---- Files - GMER 1.0.15 ----

File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0207229E-459D-4699-96BC-E83B2A889906.data 12995

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0207229E-459D-4699-96BC-E83B2A889906.data.info 202 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0219D82F-FDB6-4CAE-A489-CA860627685E.data 8914 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0219D82F-FDB6-4CAE-A489-CA860627685E.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0B65097A-ABCB-4634-A3D1-69BACC301C90.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0B65097A-ABCB-4634-A3D1-69BACC301C90.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0C3DB5EF-B1FB-4276-8BD5-16CBD9EB0374.data 13761

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A4F6E0A7-A5D8-4D6E-9111-46677B91531B.data 11779

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A4F6E0A7-A5D8-4D6E-9111-46677B91531B.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A7758889-EAC2-4BE7-BA77-9B8A354F581C.data 1584640

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\A7758889-EAC2-4BE7-BA77-9B8A354F581C.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AACB30C4-28E1-435E-A7B9-D862E201B061.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AACB30C4-28E1-435E-A7B9-D862E201B061.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\ADD64695-6B16-4100-B225-40C1EB6C350E.data 1584640

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\ADD64695-6B16-4100-B225-40C1EB6C350E.data.info 168 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AE677A63-3CFB-45CE-839D-7862023AA74E.data 13361

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6A81F02A-344C-4869-8832-3A0F5B88D7AE.data.info 178 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\767A20F8-A848-462D-865D-AF343E6EF6FD.data 10694

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\767A20F8-A848-462D-865D-AF343E6EF6FD.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A144173-29BF-441B-96DC-3EC7A9152A28.data 10694

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7A144173-29BF-441B-96DC-3EC7A9152A28.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7B9C6215-FE73-4EAE-B6CB-66CBF2098ED9.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7B9C6215-FE73-4EAE-B6CB-66CBF2098ED9.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D9505819-6D7A-4F3E-A8B2-4E4A14F9179A.data 308224

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\D9505819-6D7A-4F3E-A8B2-4E4A14F9179A.data.info 102 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E15079B8-9E5C-4A0D-BDA3-D6060936657E.data 12171

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E15079B8-9E5C-4A0D-BDA3-D6060936657E.data.info 246 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E5898987-52FD-475C-B493-14A6577A70CE.data 7421 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E5898987-52FD-475C-B493-14A6577A70CE.data.info 246 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E5AAA01A-317D-4C17-8D58-5135612A25F4.data 3139 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E5AAA01A-317D-4C17-8D58-5135612A25F4.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\0C3DB5EF-B1FB-4276-8BD5-16CBD9EB0374.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6123484D-1AF7-4B87-9BF4-8F53683685AE.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6A81F02A-344C-4869-8832-3A0F5B88D7AE.data 192000

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\89350DA2-FC3A-4939-8944-8281CD99E4A0.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\AE677A63-3CFB-45CE-839D-7862023AA74E.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C161EDFE-F276-4905-82AD-39E09B31A5FE.data 9676 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\3DE1E21F-4038-49ED-B1C8-98ACA90F8E2A.data 19245

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\3DE1E21F-4038-49ED-B1C8-98ACA90F8E2A.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4721AF00-825E-404D-B45C-516A3C3108BC.data 13006

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4721AF00-825E-404D-B45C-516A3C3108BC.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A8F96EA-2912-4620-8FA2-F94C3114EE26.data 12768

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4A8F96EA-2912-4620-8FA2-F94C3114EE26.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4BF0EF28-308D-4247-9067-425429D69744.data 16280

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\4BF0EF28-308D-4247-9067-425429D69744.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\54C886DB-DC98-44FC-BEDD-1AC49C2FCE52.data 16280

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\54C886DB-DC98-44FC-BEDD-1AC49C2FCE52.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\55E0398D-97D8-403D-A9EA-F06ECA2B1231.data 1584640

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\55E0398D-97D8-403D-A9EA-F06ECA2B1231.data.info 114 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5995EB38-2FF3-4D47-A8CE-4DE4339E3AEA.data 1584640

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\5995EB38-2FF3-4D47-A8CE-4DE4339E3AEA.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1760A455-5DBB-4EE7-AAF0-0A5D7B240A6F.data 3045 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\1760A455-5DBB-4EE7-AAF0-0A5D7B240A6F.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\200B07DE-D77C-4842-9FE3-C5CF63CF5356.data 3126 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\200B07DE-D77C-4842-9FE3-C5CF63CF5356.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2ED31EB5-E991-43BA-BAAA-3C1F30C2C4EF.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2ED31EB5-E991-43BA-BAAA-3C1F30C2C4EF.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2EFA48D6-75E7-4ACF-A926-BF143688AD2C.data 11779

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\2EFA48D6-75E7-4ACF-A926-BF143688AD2C.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\348BFF8D-915E-4D39-BE70-2EB0B3A1C4C4.data 13103

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\348BFF8D-915E-4D39-BE70-2EB0B3A1C4C4.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\8A89E288-0CC8-43C8-9A43-9CD769F6A4C4.data 3139 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\8A89E288-0CC8-43C8-9A43-9CD769F6A4C4.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\977B0B28-B60E-4A16-AF1B-E05873DE8049.data 8179 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\977B0B28-B60E-4A16-AF1B-E05873DE8049.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CC7D271-E1E1-4D06-BF82-1430E81EB0A9.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9CC7D271-E1E1-4D06-BF82-1430E81EB0A9.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9D874FD1-9D74-4CD2-BE36-1F2316958FAE.data 1584640

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\9D874FD1-9D74-4CD2-BE36-1F2316958FAE.data.info 180 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B067FF56-F63F-4B3D-AE83-EB3784473007.data 11779

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B067FF56-F63F-4B3D-AE83-EB3784473007.data.info 218 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B2E31075-F2A7-411E-9181-235F04DADA0D.data 13361

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B2E31075-F2A7-411E-9181-235F04DADA0D.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B6626BBF-3FDB-48DE-B877-2FC5D47C3D30.data 11531

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B6626BBF-3FDB-48DE-B877-2FC5D47C3D30.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B77849D9-7181-4AFC-A4DC-CF5BDC26AE71.data 11779

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\B77849D9-7181-4AFC-A4DC-CF5BDC26AE71.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C322CA1-A798-4F68-B47C-ADA65252BE53.data 3045 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7C322CA1-A798-4F68-B47C-ADA65252BE53.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7D47426A-D578-4B67-BF60-83E8F7148C58.data 13028

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7D47426A-D578-4B67-BF60-83E8F7148C58.data.info 248 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7F9C5290-7414-464D-8100-9E250CB97FA1.data 4185 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\7F9C5290-7414-464D-8100-9E250CB97FA1.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87418F84-7ECA-4F23-A516-4292F0A01EFA.data 12919

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\87418F84-7ECA-4F23-A516-4292F0A01EFA.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\889BEC67-7DA1-43E7-A311-27D7A2E6F820.data 230912

bytes executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\889BEC67-7DA1-43E7-A311-27D7A2E6F820.data.info 160 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\89350DA2-FC3A-4939-8944-8281CD99E4A0.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6123484D-1AF7-4B87-9BF4-8F53683685AE.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\666551A2-E76F-40DB-8839-6189409916A1.data 3045 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\666551A2-E76F-40DB-8839-6189409916A1.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6762D838-A82D-4D0F-855E-67C1F50999AA.data 13761

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\6762D838-A82D-4D0F-855E-67C1F50999AA.data.info 220 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\684FAF7D-A2AC-421C-8049-CF66AAE5EBDE.data 13028

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\684FAF7D-A2AC-421C-8049-CF66AAE5EBDE.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C161EDFE-F276-4905-82AD-39E09B31A5FE.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C3D5DA82-2C35-4833-85AB-D9CE3974872F.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C3D5DA82-2C35-4833-85AB-D9CE3974872F.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C4AA1FDC-5767-4CD4-BE4A-0649745DF9B3.data 13064

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\C4AA1FDC-5767-4CD4-BE4A-0649745DF9B3.data.info 250 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CE9CCCA7-7010-48BE-BC8A-BE48E34CB117.data 13369

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\CE9CCCA7-7010-48BE-BC8A-BE48E34CB117.data.info 192 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E9D61B9C-CC6E-4039-B840-08E885D7BAE9.data 5120 bytes

executable
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\E9D61B9C-CC6E-4039-B840-08E885D7BAE9.data.info 242 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\F525EBA7-C768-433B-81B8-9D7B3149E304.data 11779

bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\F525EBA7-C768-433B-81B8-9D7B3149E304.data.info 218 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\Comodo\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes

---- EOF - GMER 1.0.15 ----

#8 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 06 November 2012 - 07:00 AM

Hello Icanhazrootkit, :)

The new info, and updates still don't change the fact that the "Grace" machine is infected with ZeroAccess, soooo let's pick up where my last post left off:

Please download Combofix from This Webpage...and read through the instructions there for running the tool.

***Important Note***
Please read through the guidance on that web page carefully and thoroughly...and install the Recovery Console. Using this tool without the Recovery Console installed is NOT RECOMMENDED.

If you have Windows Vista or Windows 7, you can skip the recovery console step...in Vista/7 it's in the System Recovery Options menu. The System Recovery Options menu is on the Windows Vista or Windows 7 installation disc. If Windows doesn't start correctly, you can use these tools to repair startup problems.


The Windows Recovery Console will allow you to boot into a special recovery (repair) mode that is not otherwise available. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It's a simple procedure that will only take a few moments.

Once installed, a blue screen prompt should appear that reads as follows:

The Recovery Console was successfully installed.

When you see that screen, please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a log file for you. Please post that log back here on your next reply. Thanks!

Note:
Do not mouseclick combofix's window while it's running....that may cause the scan to stall

Best Regards,
oneof4.


#9 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 06 November 2012 - 11:42 AM

Thanks Oneof4...
I've downloaded Combofix (twice now actually) and I have a concern.
The downloads are not the same size, and neither do they match the size stated for the file size on the download page.

The file size stated for the download page 4.77 MBs
First download of Combofix 4.875 MBs 12-11-01 (downloaded in preparation but not run)
Second download of Combofix 4.881 MBs 12-11-06 (downloaded because I didn't immediately see the first download in the folder)

On the other hand the first image on the page http://www.bleepingcomputer.com/combofix/how-to-use-combofix displays the file size as 4.09 MBs.

Size change due to update, or possibly size change due to viral activity?

Should I be concerned for the integrity of this file?
How would I check this? Is there a checksum?

UPDATE: 12-11-06 1:30 GMT-5
I see by the postings in other logs for Combofix that the file did indeed get updated as recently as 12-11-05 and that those reporting similar infections have not reported unusual behavior or failure.
I'm going to go ahead and run the more recent file and I'll post back the logs as soon as it finishes.
If I do not post back, it's because I'm no longer able, not because I wandered off.

Edited by Icanhazrootkit, 06 November 2012 - 01:32 PM.


#10 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 06 November 2012 - 02:43 PM

Combofix ran apparently with joy, but with the following problems:
It attempted to install the recovery console with the error that it could not connect to the internet.
I opened network properties and ran Repair, and opened firefox which successfully loaded the google homepage.
Whatever difficulty it had connecting was unique to Combofix.


(UPDATE: 12-11-07 4:22 GMT-5 these issues have been corrected and an additional combofix log is posted in the next posting down. Recovery console installed and much joy was had.)


Combofix then offered a single button dialog to continue to run without the recovery console... no option to cancel or to install from a file (which I have).

It ran for a moment and returned an error that there was a security program active which might interfere... I double checked Agnitum outpost and found it to be disabled, Comodo however was only partial disabled and I corrected this by disabling the sandbox feature which was still active for some reason.

Combofix then ran to stage 50, and rebooted successfully.

On reboot, Agnitum Outpost restarted, so I manually permitted each process for which alerts were given.

During this process a single window bearing a red shield (which could have been either Outpost or Comodo... they both use similar emblems) flashed briefly on the screen which included "...attempted to write a critical registry entry..."
The next Outpost alert dialog was for just such a registry write. I permitted it.

Combofix closed with the opening of the log file posted here.
Also available are quarantine logs and add/removal and catchme logs. The catchme log is empty except for a date/timestamped header.

Let me know if any or all of these are of interest.


ComboFix 12-11-06.03 - Grace 11/06/2012 13:49:05.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1106 [GMT -5:00]
Running from: d:\downloads\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Outpost Firewall Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\6EncGMJB.exe.b
c:\documents and settings\Grace\gbitpbfbosoe.exe
c:\documents and settings\Grace\mmrlcvceidfnhzzopycmabz.exe
c:\documents and settings\Grace\Start Menu\Programs\System Check
c:\documents and settings\Grace\Start Menu\Programs\System Check\System Check.lnk
c:\documents and settings\Grace\Start Menu\Programs\System Check\Uninstall System Check.lnk
c:\documents and settings\Grace\suysikkzmovytnkkzjpgpnmu.exe
c:\windows\system32\SET157.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET1AA.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 12:40 . 2012-11-06 12:40 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\Sun
2012-11-04 16:20 . 2012-11-04 16:20 -------- d-----w- c:\program files\Common Files\Java
2012-11-04 16:09 . 2012-11-04 16:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 16:08 . 2012-11-04 16:08 -------- d-----w- c:\program files\Java
2012-11-04 15:40 . 2012-11-04 15:40 -------- d-----w- c:\program files\Microsoft.NET
2012-11-04 15:34 . 2012-11-04 15:34 -------- d-----w- c:\program files\Microsoft Silverlight
2012-11-04 15:16 . 2012-11-04 15:18 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\ApplicationHistory
2012-11-04 15:11 . 2012-11-04 15:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\GeekBuddyRSP
2012-11-04 15:10 . 2012-11-04 15:10 -------- d-----w- c:\program files\Common Files\Comodo
2012-10-31 08:31 . 2012-10-31 08:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2012-10-31 08:31 . 2012-10-31 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-10-31 08:25 . 2012-11-06 18:59 425409 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-10-31 08:21 . 2012-10-31 08:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2012-10-31 08:19 . 2012-10-31 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-10-31 08:18 . 2012-10-31 08:30 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-10-31 08:18 . 2012-11-04 15:58 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\Comodo
2012-10-31 08:18 . 2012-11-04 15:10 -------- d-----w- c:\program files\Comodo
2012-10-31 08:18 . 2012-10-31 08:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-31 08:18 . 2012-10-31 08:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-31 08:18 . 2012-10-31 08:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-10-30 02:54 . 2012-10-23 10:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 02:54 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 02:54 . 2012-10-30 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-29 12:03 . 2012-10-29 12:03 -------- d-----w- c:\documents and settings\Grace\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 18:59 . 2009-12-23 13:18 17488 ----a-w- c:\windows\gdrv.sys
2012-10-05 05:33 . 2012-10-05 05:33 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-10-05 05:32 . 2012-10-05 05:32 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 05:32 . 2012-10-05 05:32 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 05:32 . 2012-10-05 05:32 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-05 05:32 . 2012-10-05 05:32 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-05 05:32 . 2012-10-05 05:32 301264 ----a-w- c:\windows\system32\guard32.dll
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-27 01:15 . 2012-10-27 01:15 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-04-14 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[7] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\asyncmac.sys
[7] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\dllcache\beep.sys
[7] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[7] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys
[7] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ntfs.sys
[7] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[7] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\dllcache\null.sys
[7] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[7] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\sp3gdr\browser.dll
[7] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\browser.dll
[7] 2012-07-06 . CFD4E51402DA9838B5A04AE680AF54A0 . 78336 . . [5.1.2600.6260] . . c:\windows\system32\dllcache\browser.dll
[7] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\$hf_mig$\KB2705219-v2\SP3QFE\browser.dll
[7] 2012-07-06 . FC6D1D80588D371F0321E15A75B2F8F2 . 78336 . . [5.1.2600.6260] . . c:\windows\SoftwareDistribution\Download\7dc26e8888d68d9e04bc52940c0f24b5\sp3qfe\browser.dll
[7] 2008-04-14 . A06CE3399D16DB864F55FAEB1F1927A9 . 77824 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2705219-v2$\browser.dll
.
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
[7] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lsass.exe
.
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
[7] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netman.dll
.
[7] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
[7] 2008-04-14 12:00 . 1280A158C722FA95A80FB7AEBE78FA7D . 792064 . . [2001.12.4414.700] . . c:\windows\system32\dllcache\comres.dll
.
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
[7] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\dllcache\qmgr.dll
.
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[7] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[7] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[7] 2008-04-14 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\rpcss.dll
.
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[7] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[7] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[7] 2008-04-14 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\services.exe
.
[7] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[7] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[7] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\winlogon.exe
.
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\wuauclt.exe
[7] 2012-06-02 . 2E0B0A051FFAA86E358465BB0880D453 . 53784 . . [7.6.7600.256] . . c:\windows\system32\dllcache\wuauclt.exe
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[7] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[7] 2008-04-14 . 06F247492BC786CE5C24A23E178C711A . 617472 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[7] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[7] 2008-04-14 . BD38D1EBE24A46BD3EDA059560AFBA12 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
[7] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\cryptsvc.dll
.
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[7] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[7] 2008-07-07 20:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[7] 2008-04-14 12:00 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\$NtUninstallKB950974$\es.dll
.
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
[7] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\imm32.dll
.
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[7] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[7] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[7] 2008-04-14 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB959426$\kernel32.dll
.
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
[7] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\linkinfo.dll
.
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
[7] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\lpk.dll
.
[7] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\SoftwareDistribution\Download\5fbc7025d97fcb06f9df3d8961e67b28\SP3GDR\mshtml.dll
[7] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\system32\mshtml.dll
[7] 2012-08-28 . DF3C3CA94CBC9DE07AC3EB49440A8D45 . 6008832 . . [8.00.6001.19328] . . c:\windows\system32\dllcache\mshtml.dll
[7] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\mshtml.dll
[7] 2012-08-28 . CF6B381C3518AB328382429CAE206D64 . 6010368 . . [8.00.6001.23415] . . c:\windows\SoftwareDistribution\Download\5fbc7025d97fcb06f9df3d8961e67b28\SP3QFE\mshtml.dll
[7] 2012-05-11 . 886B62A906B3967CBBF0FD2C833A30BF . 6007808 . . [8.00.6001.19258] . . c:\windows\ie8updates\KB2744842-IE8\mshtml.dll
[7] 2012-05-11 . 55F148B94246A77FB4AC33346671CAC8 . 6009344 . . [8.00.6001.23345] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\mshtml.dll
[-] 2012-03-01 . DADE53318D8E5335EE2E1745F1C3FC4D . 5978624 . . [8.00.6001.19222] . . c:\windows\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\mshtml.dll
[-] 2012-03-01 . 5DBB0C997AD276BCE9D30CD609BDBF67 . 5980672 . . [8.00.6001.23318] . . c:\windows\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\mshtml.dll
[-] 2011-12-17 . A9259CD226283CD4F798C00909754A94 . 5979136 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\mshtml.dll
[-] 2011-12-17 . 49B88A833ECA99EFBFFC5AAE5CC998ED . 5980160 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\mshtml.dll
[7] 2011-11-04 . DD8D655E1881B70A5259A23A6018A6C2 . 5978112 . . [8.00.6001.19170] . . c:\windows\ie8updates\KB2699988-IE8\mshtml.dll
[7] 2011-11-04 . 699421E2E1313C18671A703953CAE14B . 5978624 . . [8.00.6001.23266] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\mshtml.dll
[-] 2011-10-03 . 4963CB503600FC3BCBDBFBA51FBA1FAC . 5971456 . . [8.00.6001.19154] . . c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\mshtml.dll
[-] 2011-10-03 . 1240A6B7B470BED0AA6C9FEC7AB0EA26 . 5972992 . . [8.00.6001.23250] . . c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\mshtml.dll
[7] 2011-07-25 . 23B3C8E9F3F280180573569253CE98AB . 5969920 . . [8.00.6001.19120] . . c:\windows\ie8updates\KB2618444-IE8\mshtml.dll
[7] 2011-07-25 . BCE7CCEBAD6C8955D2B4C3B246BD0E57 . 5971456 . . [8.00.6001.23216] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\mshtml.dll
[7] 2011-05-30 . 22BA5235EA846EDA87F68A1DCC2BFCF9 . 5964800 . . [8.00.6001.19088] . . c:\windows\ie8updates\KB2559049-IE8\mshtml.dll
[7] 2011-05-30 . D0B1DB576941CB0B6669B8752FFAC79A . 5967360 . . [8.00.6001.23181] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\mshtml.dll
[-] 2011-02-22 . 3422847AA07E37076A87D0B7D5044DC6 . 5964800 . . [8.00.6001.23141] . . c:\windows\SoftwareDistribution\Download\4a68e5ecf881bfdf9f622e39f79b4af0\SP3QFE\mshtml.dll
[-] 2011-02-22 . C2EF2335F1B6C2BE20A67D9098F6C9A1 . 5962240 . . [8.00.6001.19046] . . c:\windows\SoftwareDistribution\Download\4a68e5ecf881bfdf9f622e39f79b4af0\SP3GDR\mshtml.dll
[-] 2010-12-20 . 1EDCEC5D649DBAC37ED9FFB5A14CEB0C . 5961216 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3GDR\mshtml.dll
[-] 2010-12-20 . 2A2C070EC691CE410533A1DA7AA3CD86 . 5962240 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3QFE\mshtml.dll
[-] 2010-11-06 . 864E69F32656A7121444BA0193D7B64B . 5960704 . . [8.00.6001.23091] . . c:\windows\SoftwareDistribution\Download\88796e09434ce2ba0af7fc45bba372bf\SP3QFE\mshtml.dll
[-] 2010-11-06 . D7CCA87057901C87ED8CC40DDCC7FA1B . 5959168 . . [8.00.6001.18999] . . c:\windows\SoftwareDistribution\Download\88796e09434ce2ba0af7fc45bba372bf\SP3GDR\mshtml.dll
[7] 2010-09-10 . DE41132DA8E5A3CD57201C6F2175EC05 . 5957120 . . [8.00.6001.18975] . . c:\windows\ie8updates\KB2530548-IE8\mshtml.dll
[7] 2010-09-10 . 8A03CC037E6B7D1796192815231B0C3F . 5958656 . . [8.00.6001.23067] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\mshtml.dll
[-] 2010-06-24 . 94DC7E938C57F3C3D1BC4A0F68FC5830 . 5954560 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\mshtml.dll
[-] 2010-06-24 . 4D7EF94795384CD2BBAAB078B7929FEA . 5951488 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\mshtml.dll
[7] 2010-05-06 . C7B7A88CC7D7ABA5C395145BF92F46F7 . 5950976 . . [8.00.6001.18928] . . c:\windows\ie8updates\KB2360131-IE8\mshtml.dll
[7] 2010-05-06 . 9BE28F749A7FE7F8F177C6AA2E9DA609 . 5953024 . . [8.00.6001.23019] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\mshtml.dll
[-] 2010-02-25 . 7054F6ADC9B670887659F1561603B0D0 . 5944832 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3GDR\mshtml.dll
[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3QFE\mshtml.dll
[7] 2009-12-21 . BE6EEBEF636773A8E7A82214E81C563A . 5942784 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB982381-IE8\mshtml.dll
[7] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[7] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\mshtml.dll
[7] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\mshtml.dll
[7] 2009-10-29 . CBB1EF54B86EDB78649909DD1699E5CA . 5940736 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\mshtml.dll
[7] 2009-10-29 . DA551BFEC150760A38A9AD0C95A8A71C . 3073024 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[7] 2009-03-08 . D469A0EBA2EF5C6BEE8065B7E3196E5E . 5937152 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ie8\mshtml.dll
.
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\dllcache\msvcrt.dll
[7] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[7] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[7] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$NtUninstallKB2509553$\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\mswsock.dll
[7] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[7] 2008-06-20 . 943337D786A56729263071623BBB9DE5 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[7] 2008-04-14 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\mswsock.dll
.
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
[7] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\netlogon.dll
.
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
[7] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\powrprof.dll
.
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
[7] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\scecli.dll
.
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
[7] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfc.dll
.
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
[7] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\svchost.exe
.
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
[7] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\tapisrv.dll
.
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2008-04-14 . B26B135FF1B9F60C9388B4A7D16F600B . 578560 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\user32.dll
.
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
[7] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\userinit.exe
.
[7] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\SoftwareDistribution\Download\5fbc7025d97fcb06f9df3d8961e67b28\SP3GDR\wininet.dll
[7] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\system32\wininet.dll
[7] 2012-08-28 . FF1C14BCA1A797CE45DD359FA2C9EDA8 . 916992 . . [8.00.6001.19328] . . c:\windows\system32\dllcache\wininet.dll
[7] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\$hf_mig$\KB2744842-IE8\SP3QFE\wininet.dll
[7] 2012-08-28 . DCEA3B3193B7181CF818ECC4EAB30A66 . 920064 . . [8.00.6001.23415] . . c:\windows\SoftwareDistribution\Download\5fbc7025d97fcb06f9df3d8961e67b28\SP3QFE\wininet.dll
[7] 2012-05-16 . 6B1774334E2975AA60596E54F5EA1430 . 916992 . . [8.00.6001.19272] . . c:\windows\ie8updates\KB2744842-IE8\wininet.dll
[7] 2012-05-16 . 553AD35768CD27959391DD5AA82CEF6F . 920064 . . [8.00.6001.23359] . . c:\windows\$hf_mig$\KB2699988-IE8\SP3QFE\wininet.dll
[-] 2012-03-01 . 009E7B4C284F080608D7286484015EE5 . 916992 . . [8.00.6001.19222] . . c:\windows\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3GDR\wininet.dll
[-] 2012-03-01 . 4EC67FAB39F37626AD6D9895FC094ABF . 919552 . . [8.00.6001.23318] . . c:\windows\SoftwareDistribution\Download\10e15349103fd74db71a357203602738\SP3QFE\wininet.dll
[-] 2011-12-17 . F362D50FBDC6E34918DF41BDE1770E5C . 916992 . . [8.00.6001.19190] . . c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3GDR\wininet.dll
[-] 2011-12-17 . 84A48E9818E8440DDBFD8EEC37C8A937 . 919552 . . [8.00.6001.23286] . . c:\windows\SoftwareDistribution\Download\83b7271a07904566b0bfe8939af82b75\SP3QFE\wininet.dll
[7] 2011-11-04 . 552263502EA8C24D301A0C43FF90B3ED . 916992 . . [8.00.6001.19165] . . c:\windows\ie8updates\KB2699988-IE8\wininet.dll
[7] 2011-11-04 . 4E4716CAF514717814D07113AD0425B6 . 919552 . . [8.00.6001.23261] . . c:\windows\$hf_mig$\KB2618444-IE8\SP3QFE\wininet.dll
[-] 2011-08-22 . 1A377838B4B468E37C3EEB5BAA24F925 . 916480 . . [8.00.6001.19131] . . c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3GDR\wininet.dll
[-] 2011-08-22 . 19630AEBBFAEB06984CAB91848270AAF . 919552 . . [8.00.6001.23227] . . c:\windows\SoftwareDistribution\Download\5e381b0b1d2f702356c8d82456d69468\SP3QFE\wininet.dll
[7] 2011-06-23 . AF4EDDC6C0446FCE5681B5DED52B8F0E . 916480 . . [8.00.6001.19098] . . c:\windows\ie8updates\KB2618444-IE8\wininet.dll
[7] 2011-06-23 . 509CF67AE762A38E23A5455A0053853C . 919552 . . [8.00.6001.23192] . . c:\windows\$hf_mig$\KB2559049-IE8\SP3QFE\wininet.dll
[7] 2011-04-25 . CC951C2212A200475A587A440E0AA804 . 916480 . . [8.00.6001.19072] . . c:\windows\ie8updates\KB2559049-IE8\wininet.dll
[7] 2011-04-25 . 7F4F1697001B9E9A7924D219DC215903 . 919552 . . [8.00.6001.23165] . . c:\windows\$hf_mig$\KB2530548-IE8\SP3QFE\wininet.dll
[-] 2011-02-22 . A9FA95F0D7F511959AC721E4843E5967 . 919552 . . [8.00.6001.23139] . . c:\windows\SoftwareDistribution\Download\4a68e5ecf881bfdf9f622e39f79b4af0\SP3QFE\wininet.dll
[-] 2011-02-22 . F192D49EEFE297FA858B2C774BA2291D . 916480 . . [8.00.6001.19044] . . c:\windows\SoftwareDistribution\Download\4a68e5ecf881bfdf9f622e39f79b4af0\SP3GDR\wininet.dll
[-] 2010-12-20 . 88014D62B5E3CDB0AC67948D86C926C8 . 916480 . . [8.00.6001.19019] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3GDR\wininet.dll
[-] 2010-12-20 . 5504B4ECCE892EB82CD2C5FA71940AC1 . 919552 . . [8.00.6001.23111] . . c:\windows\SoftwareDistribution\Download\d6a0858506d9996856009eb3a494a8c1\SP3QFE\wininet.dll
[-] 2010-11-06 . 9357C4249F4810FB0E49C13387A8A77C . 919552 . . [8.00.6001.23084] . . c:\windows\SoftwareDistribution\Download\88796e09434ce2ba0af7fc45bba372bf\SP3QFE\wininet.dll
[-] 2010-11-06 . 306A2B05EA9846278113964DC6E2C940 . 916480 . . [8.00.6001.18992] . . c:\windows\SoftwareDistribution\Download\88796e09434ce2ba0af7fc45bba372bf\SP3GDR\wininet.dll
[7] 2010-09-10 . 36FE8ABC59AAFBE20CBE54BC372F9429 . 916480 . . [8.00.6001.18968] . . c:\windows\ie8updates\KB2530548-IE8\wininet.dll
[7] 2010-09-10 . 0555E190DCD06B8998E6DDCA42DAEB82 . 919552 . . [8.00.6001.23060] . . c:\windows\$hf_mig$\KB2360131-IE8\SP3QFE\wininet.dll
[-] 2010-06-24 . 60237E50D575FBA9BEC9BC043F157149 . 919040 . . [8.00.6001.23037] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3QFE\wininet.dll
[-] 2010-06-24 . D3DEB6B2B424AC93DE3801EAEB21A9A5 . 916480 . . [8.00.6001.18939] . . c:\windows\SoftwareDistribution\Download\71af6eebf303866f2d08fabc5b3c0ae4\SP3GDR\wininet.dll
[7] 2010-05-06 . 2D9C7B010409372C34F725DA5CCED083 . 916480 . . [8.00.6001.18923] . . c:\windows\ie8updates\KB2360131-IE8\wininet.dll
[7] 2010-05-06 . C1490F68B44AF8B781F52F12F564625D . 919040 . . [8.00.6001.23014] . . c:\windows\$hf_mig$\KB982381-IE8\SP3QFE\wininet.dll
[-] 2010-02-25 . 7A42CFED96CDA7F2FB1A26D1F9F65775 . 916480 . . [8.00.6001.18904] . . c:\windows\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3GDR\wininet.dll
[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\SoftwareDistribution\Download\4de233d8d67cd9916ac28a2d43724f55\SP3QFE\wininet.dll
[7] 2009-12-21 . FF4241C74E0C0A5AFFFE05F584213ECB . 916480 . . [8.00.6001.18876] . . c:\windows\ie8updates\KB982381-IE8\wininet.dll
[7] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[7] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3QFE\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\ie8updates\KB978207-IE8\wininet.dll
[7] 2009-10-29 . 75240F6EDBCE7B85DF66874407D38A4F . 916480 . . [8.00.6001.18854] . . c:\windows\SoftwareDistribution\Download\73e29923811a3a72ca5380ec0acd4745\SP3GDR\wininet.dll
[7] 2009-10-29 . 6AC4AA42CC9AAEFAB1D5E4E2AF2E3D2B . 668672 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[7] 2009-03-08 . 6CE32F7778061CCC5814D5E0F282D369 . 914944 . . [8.00.6001.18702] . . c:\windows\ie8updates\KB976325-IE8\wininet.dll
[7] 2008-04-14 . 7A4F775ABB2F1C97DEF3E73AFA2FAEDD . 666112 . . [6.00.2900.5512] . . c:\windows\ie8\wininet.dll
.
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
[7] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2_32.dll
.
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
[7] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ws2help.dll
.
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\system32\dllcache\explorer.exe
.
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[7] 2008-04-14 . 058710B720282CA82B909912D3EF28DB . 146432 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regedit.exe
.
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\ole32.dll
[7] 2011-11-01 . 6BAD1BED9872E62049E487FB91AE2F3A . 1288704 . . [5.1.2600.6168] . . c:\windows\system32\dllcache\ole32.dll
[7] 2011-11-01 . 7D9DDE1AB4B00DDB173F5A16E9206517 . 1289216 . . [5.1.2600.6168] . . c:\windows\$hf_mig$\KB2624667\SP3QFE\ole32.dll
[7] 2010-07-16 . 7A6A7900B5E322763430BA6FD9A31224 . 1288192 . . [5.1.2600.6010] . . c:\windows\$NtUninstallKB2624667$\ole32.dll
[7] 2010-07-16 . 8D51FB47062F2A1A9EFECCEF338A4C46 . 1289216 . . [5.1.2600.6010] . . c:\windows\$hf_mig$\KB979687\SP3QFE\ole32.dll
[7] 2008-04-14 . ECCE74BC6168375016450A86A164D976 . 1287168 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB979687$\ole32.dll
.
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[7] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[7] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[7] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
[7] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\ksuser.dll
.
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2008-04-14 . 5F1D5F88303D4A4DBC8E5F97BA967CC3 . 15360 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ctfmon.exe
.
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\shsvcs.dll
[7] 2009-07-27 . 99BC0B50F511924348BE19C7C7313BBF . 135168 . . [6.00.2900.5853] . . c:\windows\system32\dllcache\shsvcs.dll
[7] 2009-07-27 . 888CD7B39C37E13A2419BECFAAF0A28C . 135168 . . [6.00.2900.5853] . . c:\windows\$hf_mig$\KB971029\SP3QFE\shsvcs.dll
[7] 2008-04-14 . 1926899BF9FFE2602B63074971700412 . 135168 . . [6.00.2900.5512] . . c:\windows\$NtUninstallKB971029$\shsvcs.dll
.
[7] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
[7] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msimg32.dll
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wscntfy.exe
.
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\xmlprov.dll
.
[7] 2010-12-09 . 15CE4DBC22FAB90B3CA5352AF1FFF81C . 718336 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntdll.dll
[7] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\ntdll.dll
[7] 2010-12-09 . F8F0D25CA553E39DDE485D8FC7FCCE89 . 718336 . . [5.1.2600.6055] . . c:\windows\system32\dllcache\ntdll.dll
[7] 2009-02-09 . 911DDF2E16761643A47225F654D811E5 . 714752 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB2393802$\ntdll.dll
[7] 2009-02-09 . B0913005EE3FC15D7F72472D0B8A30EB . 715264 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntdll.dll
[7] 2008-04-14 . 27D9ED8CB8B62D1E0A8E5ACE6CF52E2F . 706048 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntdll.dll
.
[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\MSCTFIME.IME
[7] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msctfime.ime
.
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\eventlog.dll
.
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
[7] 2008-04-14 . 9DD07AF82244867CA36681EA2D29CE79 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\sfcfiles.dll
.
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ipsec.sys
[7] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
[7] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\regsvc.dll
.
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
[7] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\schedsvc.dll
.
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
[7] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ssdpsrv.dll
.
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
[7] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\termsrv.dll
.
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
[7] 2008-04-14 . 3CB32D3B8CBE79899D63280BB7A83CD9 . 344064 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\hnetcfg.dll
.
[7] 2008-04-14 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[7] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\dllcache\aec.sys
[7] 2008-04-14 06:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ip6fw.sys
[7] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[7] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[7] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[7] 2008-04-14 12:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
[7] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\msgsvc.dll
.
[7] 2008-04-14 12:00 . C7E39EA41233E9F5B86C8DA3A9F1E4A8 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[7] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[7] 2006-10-19 01:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
.
[7] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntkrnlpa.exe
[7] 2012-08-21 . B326D5E256D2F32B23E64F49DEBCE31B . 2069632 . . [5.1.2600.6284] . . c:\windows\SoftwareDistribution\Download\fbc47fae71d3cd77379206e8d4ba1ccb\sp3qfe\ntkrnlpa.exe
[7] 2012-08-21 . 61027EE2D9859A2B41D588D92F256CFB . 2027520 . . [5.1.2600.6284] . . c:\windows\system32\ntkrnlpa.exe
[7] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[7] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\SoftwareDistribution\Download\fbc47fae71d3cd77379206e8d4ba1ccb\sp3gdr\ntkrnlpa.exe
[7] 2012-08-21 . B2D4FD49DDEF6DEF6900DAAC5730F425 . 2069632 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntkrnlpa.exe
[-] 2012-05-04 . 8E99A0CE02C1BEDA6C0935A4DDE9CEAA . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3qfe\ntkrnlpa.exe
[-] 2012-05-04 . 5DD80D56AF1CEFBFF4F25951069B55BB . 2069120 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3gdr\ntkrnlpa.exe
[7] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntkrnlpa.exe
[7] 2012-04-11 . 063A0F8A90D8E2B802E5243FE9AABCF3 . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntkrnlpa.exe
[7] 2012-04-11 . 0C9E44D256948FA68AE10D67984862CE . 2069120 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntkrnlpa.exe
[7] 2012-04-11 . 61CCE48F7BD00E0E4D5CDE206F2DDC1B . 2026496 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2724197$\ntkrnlpa.exe
[-] 2011-10-25 . DB19FFF0C805664CB95062C027B11FE9 . 2069376 . . [5.1.2600.6165] . . c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3qfe\ntkrnlpa.exe
[-] 2011-10-25 . CE1A2FEDBD001ECDC5AD1975AFAD040A . 2069376 . . [5.1.2600.6165] . . c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3gdr\ntkrnlpa.exe
[7] 2010-12-09 . F67CD97282E0ABFAF91A9A1359B16F2D . 2069376 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntkrnlpa.exe
[7] 2010-12-09 . 9ED77E2307F6EC6F174C063C15AA3B8C . 2027008 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2676562$\ntkrnlpa.exe
[7] 2010-04-28 . 756362706DE8BC92F11E197C98A73844 . 2066944 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntkrnlpa.exe
[7] 2010-04-27 . 49E936E1398D1A536E84CD5D068F0F09 . 2024448 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntkrnlpa.exe
[7] 2010-02-16 . E8B8801DE921912EBDEEFC76662F7EAD . 2024448 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntkrnlpa.exe
[7] 2010-02-16 . DED8B5A89B085284634502E9D75AC78C . 2066944 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntkrnlpa.exe
[7] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe
[7] 2009-12-08 . 089F1E207B067A4DDEB2EEC37BBB1AA7 . 2023936 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntkrnlpa.exe
[7] 2009-08-05 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe
[7] 2009-08-04 . 32B1A971183EC22DD91EEDA61C499E7C . 2023936 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntkrnlpa.exe
[7] 2009-02-06 . 65D4220799E6FC2CB079070A6393CC0E . 2023936 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2008-04-14 . 7F653A89F6E89E3AE0D49830EECE35D4 . 2023936 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntkrnlpa.exe
.
[7] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
[7] 2008-04-14 12:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\dllcache\ntmssvc.dll
.
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
[7] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\upnphost.dll
.
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
[7] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dllcache\dsound.dll
.
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
[7] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\d3d9.dll
.
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
[7] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\dllcache\ddraw.dll
.
[7] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
[7] 2008-04-14 12:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\olepro32.dll
.
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
[7] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\perfctrs.dll
.
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
[7] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\version.dll
.
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\system32\dllcache\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ie8\iexplore.exe
.
.
[7] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\$hf_mig$\KB2724197\SP3QFE\ntoskrnl.exe
[7] 2012-08-21 . ECA5980E1A78DBF9CB7F49F76791C0D1 . 2193024 . . [5.1.2600.6284] . . c:\windows\SoftwareDistribution\Download\fbc47fae71d3cd77379206e8d4ba1ccb\sp3qfe\ntoskrnl.exe
[7] 2012-08-21 . B9A14D5875CE262774388BD43BA56FF3 . 2148864 . . [5.1.2600.6284] . . c:\windows\system32\ntoskrnl.exe
[7] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\SoftwareDistribution\Download\fbc47fae71d3cd77379206e8d4ba1ccb\sp3gdr\ntoskrnl.exe
[7] 2012-08-21 . 49FB9F4A7CE25B82B1E00C402783F5C5 . 2192896 . . [5.1.2600.6284] . . c:\windows\system32\dllcache\ntoskrnl.exe
[-] 2012-05-04 . 099A0F80A563EBE935F4A9750F96C219 . 2192640 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3qfe\ntoskrnl.exe
[-] 2012-05-04 . DDF0CB8CD3C6007CDF4AD8F0409ED930 . 2192640 . . [5.1.2600.6223] . . c:\windows\SoftwareDistribution\Download\08dc6fdd6e5cdbc939c4d8b98c94c9fd\sp3gdr\ntoskrnl.exe
[7] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\$hf_mig$\KB2676562\SP3QFE\ntoskrnl.exe
[7] 2012-04-11 . 8D061BB825BC606C2B1C6F7452D1BAAA . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3qfe\ntoskrnl.exe
[7] 2012-04-11 . A144D60B35E6DD14CCB9649B5E0D1092 . 2148352 . . [5.1.2600.6206] . . c:\windows\$NtUninstallKB2724197$\ntoskrnl.exe
[7] 2012-04-11 . 536168936EBF326E36C655EC5AE34B03 . 2192640 . . [5.1.2600.6206] . . c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\sp3gdr\ntoskrnl.exe
[-] 2011-10-25 . F512C662874D7545E5BD8005E6800A44 . 2192768 . . [5.1.2600.6165] . . c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3qfe\ntoskrnl.exe
[-] 2011-10-25 . 892CDDFF7EF96951B9B0B50974070E47 . 2192768 . . [5.1.2600.6165] . . c:\windows\SoftwareDistribution\Download\bbdccbfd5870508d129e9b482b642cbf\sp3gdr\ntoskrnl.exe
[7] 2010-12-09 . A531BBD3DE13121C1380ED7DC99082DB . 2192768 . . [5.1.2600.6055] . . c:\windows\$hf_mig$\KB2393802\SP3QFE\ntoskrnl.exe
[7] 2010-12-09 . 60E16152D847D7A7B7D3DA4C4B8E2120 . 2148864 . . [5.1.2600.6055] . . c:\windows\$NtUninstallKB2676562$\ntoskrnl.exe
[7] 2010-04-27 . 466A3E1239F4A9428797730E81A7A865 . 2146304 . . [5.1.2600.5973] . . c:\windows\$NtUninstallKB2393802$\ntoskrnl.exe
[7] 2010-04-27 . A2ABBEC40CDB57454645D06B7EBD22F5 . 2190080 . . [5.1.2600.5973] . . c:\windows\$hf_mig$\KB981852\SP3QFE\ntoskrnl.exe
[7] 2010-02-16 . 048DB3459FAB4CA741DCC84E1F374D65 . 2146304 . . [5.1.2600.5938] . . c:\windows\$NtUninstallKB981852$\ntoskrnl.exe
[7] 2010-02-16 . E1F653A542449D54FA2D27463D99B6B6 . 2190080 . . [5.1.2600.5938] . . c:\windows\$hf_mig$\KB979683\SP3QFE\ntoskrnl.exe
[7] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe
[7] 2009-12-08 . 9696C553F994340CD6AA5C5A724C3A19 . 2145280 . . [5.1.2600.5913] . . c:\windows\$NtUninstallKB979683$\ntoskrnl.exe
[7] 2009-08-04 . 78FCC97CD878D4CF5B5D2158A5A7CF92 . 2145280 . . [5.1.2600.5857] . . c:\windows\$NtUninstallKB977165$\ntoskrnl.exe
[7] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . 0CBA44D0938D57F334C0862424148B70 . 2145280 . . [5.1.2600.5755] . . c:\windows\$NtUninstallKB971486$\ntoskrnl.exe
[7] 2008-04-14 . 40F8880122A030A7E9E1FEDEA833B33D . 2145280 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB956572$\ntoskrnl.exe
.
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
[7] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\srsvc.dll
.
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
[7] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\w32time.dll
.
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
[7] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wiaservc.dll
.
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
[7] 2008-04-14 . 5C12660A97822F6E61576943B49AAAD6 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\midimap.dll
.
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
[7] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\rasadhlp.dll
.
[7] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
[7] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\wshtcpip.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-02-04 19:54 283736 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2011-02-04 491272]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-02-04 2898592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-10-05 6756048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Grace\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2012-11-1 49360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/29/2012 9:54 PM 738504]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/5/2012 12:32 AM 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/5/2012 12:32 AM 497952]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/23/2009 10:08 AM 710824]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/23/2009 10:07 AM 2040144]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [11/1/2012 8:52 AM 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [10/11/2012 11:15 AM 1853584]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/23/2009 8:09 AM 68136]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [10/31/2012 3:46 PM 1467088]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/23/2009 10:07 AM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/23/2009 10:08 AM 267624]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/23/2009 8:13 AM 1684736]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [12/23/2009 10:08 AM 72352]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A0EC9268-60C8-437F-AE89-6A2F43478B1A}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Grace\Application Data\Mozilla\Firefox\Profiles\3x52ewoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2009-12-23 09:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-tvncontrol - c:\program files\Common Files\Comodo\tvnserver.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 14:00
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2240)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(984)
c:\windows\system32\cmdcsr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Comodo\GeekBuddy\unit_manager.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
c:\program files\Comodo\GeekBuddy\unit.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2012-11-06 14:08:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-06 19:08
.
Pre-Run: 113,207,975,936 bytes free
Post-Run: 115,937,996,800 bytes free
.
- - End Of File - - A9CEA0188BBD3753F63B76BFDAC8EA41

Edited by Icanhazrootkit, 07 November 2012 - 04:43 AM.


#11 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 07 November 2012 - 04:17 AM

Okay, I missed something, a couple of things first time out...

Agnitum Outpost has a feature that can be set to prevent animated banner ads from running... I missed the visual for dragging the boot disk file to the combofix icon to start it.

Outpost also doesn't like being shut down without telling it how long to shut down... I had set it to shut until reboot, which was probably the wrong choice.

I reran combofix after renaming and saving the log (already posted as well) and set Outpost to stay shut for an hour rather than until reboot.

Recovery console installed and Combofix ran without interruption by Outpost after reboot.

Other than installing the recovery console it does not appear to have found anything to do this time around though. Here is the new log.

ComboFix 12-11-06.03 - Grace 11/07/2012 3:34.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1130 [GMT -5:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Grace\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
AV: COMODO Antivirus *Disabled/Updated* {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
FW: Outpost Firewall Pro *Enabled* {8A20CA2A-9E02-4A64-923B-0A38208EB7FD}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-07 to 2012-11-07 )))))))))))))))))))))))))))))))
.
.
2012-11-06 12:40 . 2012-11-06 12:40 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\Sun
2012-11-04 16:20 . 2012-11-04 16:20 -------- d-----w- c:\program files\Common Files\Java
2012-11-04 16:09 . 2012-11-04 16:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-11-04 16:08 . 2012-11-04 16:08 -------- d-----w- c:\program files\Java
2012-11-04 15:40 . 2012-11-04 15:40 -------- d-----w- c:\program files\Microsoft.NET
2012-11-04 15:34 . 2012-11-04 15:34 -------- d-----w- c:\program files\Microsoft Silverlight
2012-11-04 15:16 . 2012-11-04 15:18 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\ApplicationHistory
2012-11-04 15:11 . 2012-11-04 15:11 -------- d-----w- c:\documents and settings\LocalService\Application Data\GeekBuddyRSP
2012-11-04 15:10 . 2012-11-04 15:10 -------- d-----w- c:\program files\Common Files\Comodo
2012-10-31 08:31 . 2012-10-31 08:31 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\COMODO
2012-10-31 08:31 . 2012-10-31 08:31 -------- d-----w- c:\documents and settings\All Users\Application Data\CPA_VA
2012-10-31 08:25 . 2012-11-07 08:29 432320 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-10-31 08:21 . 2012-10-31 08:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\COMODO
2012-10-31 08:19 . 2012-10-31 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2012-10-31 08:18 . 2012-10-31 08:30 45320 ----a-w- c:\windows\system32\certsentry.dll
2012-10-31 08:18 . 2012-11-04 15:58 -------- d-----w- c:\documents and settings\Grace\Local Settings\Application Data\Comodo
2012-10-31 08:18 . 2012-11-04 15:10 -------- d-----w- c:\program files\Comodo
2012-10-31 08:18 . 2012-10-31 08:18 348160 ----a-w- c:\windows\system32\msvcr71.dll
2012-10-31 08:18 . 2012-10-31 08:18 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-10-31 08:18 . 2012-10-31 08:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-10-30 02:54 . 2012-10-23 10:18 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 02:54 . 2012-10-23 10:17 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 02:54 . 2012-10-30 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-10-29 12:03 . 2012-10-29 12:03 -------- d-----w- c:\documents and settings\Grace\Application Data\Windows Search
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 18:59 . 2009-12-23 13:18 17488 ----a-w- c:\windows\gdrv.sys
2012-10-05 05:33 . 2012-10-05 05:33 99080 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-10-05 05:32 . 2012-10-05 05:32 497952 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-10-05 05:32 . 2012-10-05 05:32 32640 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-10-05 05:32 . 2012-10-05 05:32 18096 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-10-05 05:32 . 2012-10-05 05:32 34024 ----a-w- c:\windows\system32\cmdcsr.dll
2012-10-05 05:32 . 2012-10-05 05:32 301264 ----a-w- c:\windows\system32\guard32.dll
2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2008-04-14 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:33 . 2008-04-14 12:00 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58 . 2008-04-14 00:01 2027520 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-10-27 01:15 . 2012-10-27 01:15 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Outpost]
@="{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}"
[HKEY_CLASSES_ROOT\CLSID\{33C9E362-3EDA-4930-8AFE-5DA39A8BB77A}]
2011-02-04 19:54 283736 ----a-w- c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-30 98304]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"OutpostFeedBack"="c:\program files\Agnitum\Outpost Firewall Pro\feedback.exe" [2011-02-04 491272]
"OutpostMonitor"="c:\progra~1\Agnitum\OUTPOS~1\op_mon.exe" [2011-02-04 2898592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-10-05 6756048]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\documents and settings\Grace\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Start GeekBuddy.lnk - c:\program files\Comodo\GeekBuddy\launcher.exe [2012-11-1 49360]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\program files\Common Files\Comodo\GeekBuddyRSP.exe"= c:\program files\Common Files\Comodo\GeekBuddyRSP.exe:127.0.0.1/255.255.255.255:Enabled:GeekBuddy RSP
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [10/29/2012 9:54 PM 738504]
R1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\drivers\cmderd.sys [10/5/2012 12:32 AM 18096]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [10/5/2012 12:32 AM 497952]
R1 SandBox;SandBox;c:\windows\system32\drivers\SandBox.sys [12/23/2009 10:08 AM 710824]
R2 acssrv;Agnitum Client Security Service;c:\progra~1\Agnitum\OUTPOS~1\acs.exe [12/23/2009 10:07 AM 2040144]
R2 CLPSLauncher;COMODO LPS Launcher;c:\program files\Common Files\Comodo\launcher_service.exe [11/1/2012 8:52 AM 70352]
R2 DragonUpdater;COMODO Dragon Update Service;c:\program files\Comodo\Dragon\dragon_updater.exe [10/11/2012 11:15 AM 1853584]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [12/23/2009 8:09 AM 68136]
R2 GeekBuddyRSP;GeekBuddy Remote Screen Protocol;c:\program files\Common Files\Comodo\GeekBuddyRSP.exe [10/31/2012 3:46 PM 1467088]
R3 afw;Agnitum firewall driver;c:\windows\system32\drivers\afw.sys [12/23/2009 10:07 AM 34280]
R3 afwcore;afwcore;c:\windows\system32\drivers\afwcore.sys [12/23/2009 10:08 AM 267624]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/23/2009 8:13 AM 1684736]
S3 ASWFilt;ASWFilt;c:\windows\system32\Filt\ASWFilt.dll [12/23/2009 10:08 AM 72352]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
TCP: DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62 192.168.2.1
TCP: Interfaces\{012CAEAC-798C-4675-BC66-5B6D58723841}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{A0EC9268-60C8-437F-AE89-6A2F43478B1A}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath - c:\documents and settings\Grace\Application Data\Mozilla\Firefox\Profiles\3x52ewoh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: !HIDDEN! 2009-12-23 09:08; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-07 03:39
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1044)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2116)
c:\windows\system32\WININET.dll
c:\windows\system32\guard32.dll
c:\program files\Agnitum\Outpost Firewall Pro\op_shell.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\IEFRAME.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
- - - - - - - > 'csrss.exe'(984)
c:\windows\system32\cmdcsr.dll
.
Completion time: 2012-11-07 03:40:29
ComboFix-quarantined-files.txt 2012-11-07 08:40
ComboFix2.txt 2012-11-06 19:08
.
Pre-Run: 115,894,484,992 bytes free
Post-Run: 115,882,168,320 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect /usepmtimer
.
- - End Of File - - B1964F03510519F0153B780B2EBE5BF4


I don't see anything unusual here anymore. How about you?

#12 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 07 November 2012 - 07:13 AM

Hey :)

Okay, I missed something, a couple of things first time out...

No problem, you've done very well!

I would like to double check though, to make sure you are clean of any rootkit, so please follow the next set of instructions:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Best Regards,
oneof4.


#13 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 07 November 2012 - 01:17 PM

First pass scan...

13:05:46.0109 2692 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:05:46.0812 2692 ============================================================
13:05:46.0812 2692 Current date / time: 2012/11/07 13:05:46.0812
13:05:46.0812 2692 SystemInfo:
13:05:46.0812 2692
13:05:46.0812 2692 OS Version: 5.1.2600 ServicePack: 3.0
13:05:46.0812 2692 Product type: Workstation
13:05:46.0812 2692 ComputerName: GRACE-EAC8E1A65
13:05:46.0812 2692 UserName: Grace
13:05:46.0812 2692 Windows directory: C:\WINDOWS
13:05:46.0812 2692 System windows directory: C:\WINDOWS
13:05:46.0812 2692 Processor architecture: Intel x86
13:05:46.0812 2692 Number of processors: 2
13:05:46.0812 2692 Page size: 0x1000
13:05:46.0812 2692 Boot type: Normal boot
13:05:46.0812 2692 ============================================================
13:05:48.0234 2692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:05:48.0250 2692 ============================================================
13:05:48.0250 2692 \Device\Harddisk0\DR0:
13:05:48.0250 2692 MBR partitions:
13:05:48.0250 2692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
13:05:48.0265 2692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0x5DBF6E8
13:05:48.0281 2692 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x148200A8, BlocksNum 0x1388AFC
13:05:48.0296 2692 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x15BA8BE3, BlocksNum 0x5EB5505C
13:05:48.0296 2692 ============================================================
13:05:48.0296 2692 C: <-> \Device\Harddisk0\DR0\Partition1
13:05:48.0343 2692 D: <-> \Device\Harddisk0\DR0\Partition2
13:05:48.0359 2692 E: <-> \Device\Harddisk0\DR0\Partition3
13:05:48.0390 2692 F: <-> \Device\Harddisk0\DR0\Partition4
13:05:48.0390 2692 ============================================================
13:05:48.0390 2692 Initialize success
13:05:48.0390 2692 ============================================================
13:07:26.0578 3628 ============================================================
13:07:26.0578 3628 Scan started
13:07:26.0578 3628 Mode: Manual;
13:07:26.0578 3628 ============================================================
13:07:27.0046 3628 ================ Scan system memory ========================
13:07:27.0062 3628 System memory - ok
13:07:27.0062 3628 ================ Scan services =============================
13:07:27.0140 3628 Abiosdsk - ok
13:07:27.0140 3628 abp480n5 - ok
13:07:27.0171 3628 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:07:27.0171 3628 ACPI - ok
13:07:27.0187 3628 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:07:27.0187 3628 ACPIEC - ok
13:07:27.0296 3628 [ EA91221CF2E4F89707014A8238AA3A61 ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
13:07:27.0328 3628 acssrv - ok
13:07:27.0343 3628 adpu160m - ok
13:07:27.0375 3628 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:07:27.0375 3628 aec - ok
13:07:27.0406 3628 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:07:27.0406 3628 AFD - ok
13:07:27.0421 3628 [ 14BA5CA5D11771CE8E8B6CC6830A2436 ] afw C:\WINDOWS\system32\DRIVERS\afw.sys
13:07:27.0500 3628 afw - ok
13:07:27.0515 3628 [ 1F3D61965A9BD278A205D3062176E45C ] afwcore C:\WINDOWS\system32\drivers\afwcore.sys
13:07:27.0625 3628 afwcore - ok
13:07:27.0625 3628 Aha154x - ok
13:07:27.0640 3628 aic78u2 - ok
13:07:27.0640 3628 aic78xx - ok
13:07:27.0656 3628 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:07:27.0656 3628 Alerter - ok
13:07:27.0671 3628 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:07:27.0671 3628 ALG - ok
13:07:27.0687 3628 AliIde - ok
13:07:27.0734 3628 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:07:27.0765 3628 Ambfilt - ok
13:07:27.0796 3628 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:07:27.0796 3628 AmdPPM - ok
13:07:27.0796 3628 amsint - ok
13:07:27.0812 3628 AppMgmt - ok
13:07:27.0828 3628 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:07:27.0828 3628 Arp1394 - ok
13:07:27.0828 3628 asc - ok
13:07:27.0828 3628 asc3350p - ok
13:07:27.0843 3628 asc3550 - ok
13:07:27.0875 3628 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:07:27.0890 3628 aspnet_state - ok
13:07:27.0906 3628 [ 722213A5C09B21C0E6E61F4082F0C683 ] ASWFilt C:\WINDOWS\system32\Filt\ASWFilt.dll
13:07:27.0906 3628 ASWFilt - ok
13:07:27.0937 3628 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
13:07:28.0031 3628 aswSnx - ok
13:07:28.0046 3628 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:07:28.0046 3628 AsyncMac - ok
13:07:28.0062 3628 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:07:28.0078 3628 atapi - ok
13:07:28.0078 3628 Atdisk - ok
13:07:28.0109 3628 [ 96C29C702A9CCD372BA097F3F8B5AC80 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:07:28.0218 3628 Ati HotKey Poller - ok
13:07:28.0281 3628 [ C4828A671467C6FB43F2E6D54B5950EE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:07:28.0500 3628 ati2mtag - ok
13:07:28.0500 3628 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:07:28.0515 3628 Atmarpc - ok
13:07:28.0515 3628 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:07:28.0531 3628 AudioSrv - ok
13:07:28.0546 3628 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:07:28.0546 3628 audstub - ok
13:07:28.0562 3628 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:07:28.0562 3628 Beep - ok
13:07:28.0593 3628 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:07:28.0609 3628 BITS - ok
13:07:28.0625 3628 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:07:28.0703 3628 Browser - ok
13:07:28.0718 3628 catchme - ok
13:07:28.0734 3628 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:07:28.0734 3628 cbidf2k - ok
13:07:28.0750 3628 cd20xrnt - ok
13:07:28.0765 3628 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:07:28.0765 3628 Cdaudio - ok
13:07:28.0781 3628 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:07:28.0781 3628 Cdfs - ok
13:07:28.0781 3628 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:07:28.0781 3628 Cdrom - ok
13:07:28.0781 3628 Changer - ok
13:07:28.0796 3628 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:07:28.0812 3628 CiSvc - ok
13:07:28.0812 3628 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:07:28.0812 3628 ClipSrv - ok
13:07:28.0859 3628 [ 5724D9ECBF2A378EBF85FDC3BDA01F98 ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
13:07:28.0937 3628 CLPSLauncher - ok
13:07:28.0953 3628 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:07:28.0984 3628 clr_optimization_v2.0.50727_32 - ok
13:07:29.0046 3628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:07:29.0046 3628 clr_optimization_v4.0.30319_32 - ok
13:07:29.0109 3628 [ 33BB8CAE8C960454F8D9031FA11003EB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:07:29.0125 3628 cmdAgent - ok
13:07:29.0140 3628 [ C6DAE39091BD55FE2F96A9E7D33BF2A8 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
13:07:29.0234 3628 cmderd - ok
13:07:29.0234 3628 [ D3ADE6B42AC9020BB24179770A284E10 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
13:07:29.0343 3628 cmdGuard - ok
13:07:29.0343 3628 CmdIde - ok
13:07:29.0343 3628 COMSysApp - ok
13:07:29.0359 3628 Cpqarray - ok
13:07:29.0375 3628 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:07:29.0375 3628 CryptSvc - ok
13:07:29.0375 3628 dac2w2k - ok
13:07:29.0390 3628 dac960nt - ok
13:07:29.0421 3628 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:07:29.0421 3628 DcomLaunch - ok
13:07:29.0453 3628 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:07:29.0453 3628 Dhcp - ok
13:07:29.0453 3628 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:07:29.0453 3628 Disk - ok
13:07:29.0468 3628 dmadmin - ok
13:07:29.0484 3628 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:07:29.0500 3628 dmboot - ok
13:07:29.0515 3628 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:07:29.0515 3628 dmio - ok
13:07:29.0531 3628 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:07:29.0531 3628 dmload - ok
13:07:29.0546 3628 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:07:29.0546 3628 dmserver - ok
13:07:29.0562 3628 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:07:29.0562 3628 DMusic - ok
13:07:29.0593 3628 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:07:29.0593 3628 Dnscache - ok
13:07:29.0609 3628 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:07:29.0609 3628 Dot3svc - ok
13:07:29.0625 3628 dpti2o - ok
13:07:29.0671 3628 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
13:07:29.0718 3628 DragonUpdater - ok
13:07:29.0734 3628 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:07:29.0734 3628 drmkaud - ok
13:07:29.0750 3628 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:07:29.0750 3628 EapHost - ok
13:07:29.0765 3628 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:07:29.0765 3628 ERSvc - ok
13:07:29.0781 3628 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
13:07:29.0859 3628 ES lite Service - ok
13:07:29.0890 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:07:29.0890 3628 Eventlog - ok
13:07:29.0906 3628 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:07:29.0921 3628 EventSystem - ok
13:07:29.0937 3628 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:07:29.0937 3628 Fastfat - ok
13:07:29.0953 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:07:29.0968 3628 FastUserSwitchingCompatibility - ok
13:07:29.0968 3628 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:07:29.0984 3628 Fdc - ok
13:07:29.0984 3628 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:07:30.0000 3628 Fips - ok
13:07:30.0000 3628 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:07:30.0000 3628 Flpydisk - ok
13:07:30.0015 3628 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:07:30.0015 3628 FltMgr - ok
13:07:30.0046 3628 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:07:30.0046 3628 FontCache3.0.0.0 - ok
13:07:30.0062 3628 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:07:30.0062 3628 Fs_Rec - ok
13:07:30.0093 3628 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:07:30.0093 3628 Ftdisk - ok
13:07:30.0093 3628 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
13:07:30.0218 3628 gdrv - ok
13:07:30.0250 3628 [ 31B5C233933CAF0FB1499F458F04FD9A ] GeekBuddyRSP C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
13:07:30.0375 3628 GeekBuddyRSP - ok
13:07:30.0390 3628 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:07:30.0390 3628 Gpc - ok
13:07:30.0406 3628 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:07:30.0406 3628 HDAudBus - ok
13:07:30.0437 3628 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:07:30.0437 3628 helpsvc - ok
13:07:30.0453 3628 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:07:30.0453 3628 HidServ - ok
13:07:30.0468 3628 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:07:30.0468 3628 HidUsb - ok
13:07:30.0484 3628 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:07:30.0484 3628 hkmsvc - ok
13:07:30.0500 3628 hpn - ok
13:07:30.0515 3628 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:07:30.0531 3628 HTTP - ok
13:07:30.0546 3628 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:07:30.0562 3628 HTTPFilter - ok
13:07:30.0562 3628 i2omgmt - ok
13:07:30.0562 3628 i2omp - ok
13:07:30.0593 3628 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:07:30.0609 3628 i8042prt - ok
13:07:30.0671 3628 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:07:30.0687 3628 idsvc - ok
13:07:30.0687 3628 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:07:30.0687 3628 Imapi - ok
13:07:30.0718 3628 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:07:30.0718 3628 ImapiService - ok
13:07:30.0734 3628 ini910u - ok
13:07:30.0859 3628 [ E8656858D8B2DA7C9CF59FB4E5CE32ED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:07:31.0203 3628 IntcAzAudAddService - ok
13:07:31.0218 3628 IntelIde - ok
13:07:31.0234 3628 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:07:31.0234 3628 Ip6Fw - ok
13:07:31.0265 3628 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:07:31.0265 3628 IpFilterDriver - ok
13:07:31.0265 3628 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:07:31.0281 3628 IpInIp - ok
13:07:31.0281 3628 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:07:31.0281 3628 IpNat - ok
13:07:31.0296 3628 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:07:31.0296 3628 IPSec - ok
13:07:31.0328 3628 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:07:31.0328 3628 IRENUM - ok
13:07:31.0343 3628 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:07:31.0343 3628 isapnp - ok
13:07:31.0390 3628 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:07:31.0390 3628 JavaQuickStarterService - ok
13:07:31.0406 3628 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:07:31.0406 3628 Kbdclass - ok
13:07:31.0406 3628 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:07:31.0406 3628 kbdhid - ok
13:07:31.0421 3628 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:07:31.0437 3628 kmixer - ok
13:07:31.0453 3628 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:07:31.0453 3628 KSecDD - ok
13:07:31.0453 3628 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:07:31.0546 3628 LanmanServer - ok
13:07:31.0562 3628 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:07:31.0578 3628 lanmanworkstation - ok
13:07:31.0578 3628 lbrtfdc - ok
13:07:31.0593 3628 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:07:31.0593 3628 LmHosts - ok
13:07:31.0609 3628 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:07:31.0609 3628 Messenger - ok
13:07:31.0625 3628 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:07:31.0640 3628 mnmdd - ok
13:07:31.0640 3628 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:07:31.0656 3628 mnmsrvc - ok
13:07:31.0656 3628 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:07:31.0656 3628 Modem - ok
13:07:31.0703 3628 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:07:31.0718 3628 Monfilt - ok
13:07:31.0734 3628 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:07:31.0734 3628 Mouclass - ok
13:07:31.0750 3628 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:07:31.0750 3628 mouhid - ok
13:07:31.0765 3628 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:07:31.0765 3628 MountMgr - ok
13:07:31.0796 3628 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:07:31.0796 3628 MozillaMaintenance - ok
13:07:31.0812 3628 mraid35x - ok
13:07:31.0812 3628 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:07:31.0812 3628 MRxDAV - ok
13:07:31.0859 3628 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:07:31.0859 3628 MRxSmb - ok
13:07:31.0875 3628 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:07:31.0890 3628 MSDTC - ok
13:07:31.0890 3628 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:07:31.0890 3628 Msfs - ok
13:07:31.0906 3628 MSIServer - ok
13:07:31.0921 3628 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:07:31.0921 3628 MSKSSRV - ok
13:07:31.0937 3628 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:07:31.0937 3628 MSPCLOCK - ok
13:07:31.0937 3628 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:07:31.0937 3628 MSPQM - ok
13:07:31.0953 3628 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:07:31.0953 3628 mssmbios - ok
13:07:31.0968 3628 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:07:32.0062 3628 Mup - ok
13:07:32.0078 3628 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:07:32.0093 3628 napagent - ok
13:07:32.0109 3628 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:07:32.0109 3628 NDIS - ok
13:07:32.0125 3628 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:07:32.0140 3628 NdisTapi - ok
13:07:32.0156 3628 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:07:32.0156 3628 Ndisuio - ok
13:07:32.0156 3628 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:07:32.0171 3628 NdisWan - ok
13:07:32.0171 3628 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:07:32.0250 3628 NDProxy - ok
13:07:32.0250 3628 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:07:32.0250 3628 NetBIOS - ok
13:07:32.0265 3628 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:07:32.0265 3628 NetBT - ok
13:07:32.0281 3628 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:07:32.0281 3628 NetDDE - ok
13:07:32.0296 3628 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:07:32.0296 3628 NetDDEdsdm - ok
13:07:32.0312 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:07:32.0328 3628 Netlogon - ok
13:07:32.0359 3628 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:07:32.0359 3628 Netman - ok
13:07:32.0406 3628 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:07:32.0406 3628 NetTcpPortSharing - ok
13:07:32.0421 3628 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:07:32.0421 3628 NIC1394 - ok
13:07:32.0453 3628 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:07:32.0453 3628 Nla - ok
13:07:32.0453 3628 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:07:32.0453 3628 Npfs - ok
13:07:32.0468 3628 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:07:32.0484 3628 Ntfs - ok
13:07:32.0484 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:07:32.0484 3628 NtLmSsp - ok
13:07:32.0500 3628 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:07:32.0515 3628 NtmsSvc - ok
13:07:32.0531 3628 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:07:32.0531 3628 Null - ok
13:07:32.0562 3628 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:07:32.0562 3628 NwlnkFlt - ok
13:07:32.0562 3628 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:07:32.0562 3628 NwlnkFwd - ok
13:07:32.0578 3628 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:07:32.0593 3628 ohci1394 - ok
13:07:32.0593 3628 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:07:32.0609 3628 Parport - ok
13:07:32.0609 3628 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:07:32.0609 3628 PartMgr - ok
13:07:32.0640 3628 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:07:32.0640 3628 ParVdm - ok
13:07:32.0656 3628 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:07:32.0656 3628 PCI - ok
13:07:32.0656 3628 PCIDump - ok
13:07:32.0656 3628 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:07:32.0656 3628 PCIIde - ok
13:07:32.0687 3628 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:07:32.0687 3628 Pcmcia - ok
13:07:32.0687 3628 PDCOMP - ok
13:07:32.0687 3628 PDFRAME - ok
13:07:32.0703 3628 PDRELI - ok
13:07:32.0703 3628 PDRFRAME - ok
13:07:32.0703 3628 perc2 - ok
13:07:32.0718 3628 perc2hib - ok
13:07:32.0734 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:07:32.0750 3628 PlugPlay - ok
13:07:32.0750 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:07:32.0750 3628 PolicyAgent - ok
13:07:32.0781 3628 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:07:32.0781 3628 PptpMiniport - ok
13:07:32.0796 3628 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:07:32.0796 3628 Processor - ok
13:07:32.0796 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:07:32.0812 3628 ProtectedStorage - ok
13:07:32.0812 3628 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:07:32.0812 3628 PSched - ok
13:07:32.0812 3628 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:07:32.0828 3628 Ptilink - ok
13:07:32.0828 3628 ql1080 - ok
13:07:32.0828 3628 Ql10wnt - ok
13:07:32.0828 3628 ql12160 - ok
13:07:32.0843 3628 ql1240 - ok
13:07:32.0843 3628 ql1280 - ok
13:07:32.0859 3628 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:07:32.0859 3628 RasAcd - ok
13:07:32.0875 3628 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:07:32.0875 3628 RasAuto - ok
13:07:32.0875 3628 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:07:32.0890 3628 Rasl2tp - ok
13:07:32.0906 3628 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:07:32.0906 3628 RasMan - ok
13:07:32.0921 3628 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:07:32.0921 3628 RasPppoe - ok
13:07:32.0921 3628 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:07:32.0937 3628 Raspti - ok
13:07:32.0937 3628 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:07:32.0937 3628 Rdbss - ok
13:07:32.0953 3628 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:07:32.0953 3628 RDPCDD - ok
13:07:32.0984 3628 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:07:33.0062 3628 RDPWD - ok
13:07:33.0093 3628 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:07:33.0093 3628 RDSessMgr - ok
13:07:33.0125 3628 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:07:33.0140 3628 redbook - ok
13:07:33.0140 3628 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:07:33.0156 3628 RemoteAccess - ok
13:07:33.0171 3628 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:07:33.0171 3628 RpcLocator - ok
13:07:33.0203 3628 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:07:33.0203 3628 RpcSs - ok
13:07:33.0218 3628 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:07:33.0218 3628 RSVP - ok
13:07:33.0312 3628 [ 3CF6631543C743C29A369287EA67FFE6 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
13:07:33.0390 3628 RTHDMIAzAudService - ok
13:07:33.0406 3628 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:07:33.0406 3628 RTLE8023xp - ok
13:07:33.0406 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:07:33.0421 3628 SamSs - ok
13:07:33.0437 3628 [ E5118CD3FEEDE70318A78D7D7A613DA9 ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
13:07:33.0453 3628 SandBox - ok
13:07:33.0468 3628 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:07:33.0484 3628 SCardSvr - ok
13:07:33.0500 3628 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:07:33.0515 3628 Schedule - ok
13:07:33.0515 3628 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:07:33.0515 3628 Secdrv - ok
13:07:33.0546 3628 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:07:33.0546 3628 seclogon - ok
13:07:33.0546 3628 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:07:33.0562 3628 SENS - ok
13:07:33.0578 3628 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:07:33.0578 3628 serenum - ok
13:07:33.0578 3628 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:07:33.0593 3628 Serial - ok
13:07:33.0625 3628 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:07:33.0625 3628 Sfloppy - ok
13:07:33.0640 3628 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:07:33.0640 3628 SharedAccess - ok
13:07:33.0656 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:07:33.0656 3628 ShellHWDetection - ok
13:07:33.0671 3628 Simbad - ok
13:07:33.0671 3628 Sparrow - ok
13:07:33.0687 3628 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:07:33.0687 3628 splitter - ok
13:07:33.0718 3628 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:07:33.0796 3628 Spooler - ok
13:07:33.0828 3628 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:07:33.0828 3628 sr - ok
13:07:33.0843 3628 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:07:33.0843 3628 srservice - ok
13:07:33.0859 3628 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:07:33.0875 3628 Srv - ok
13:07:33.0890 3628 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:07:33.0890 3628 SSDPSRV - ok
13:07:33.0906 3628 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:07:33.0921 3628 stisvc - ok
13:07:33.0921 3628 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:07:33.0921 3628 swenum - ok
13:07:33.0937 3628 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:07:33.0937 3628 swmidi - ok
13:07:33.0937 3628 SwPrv - ok
13:07:33.0953 3628 symc810 - ok
13:07:33.0953 3628 symc8xx - ok
13:07:33.0953 3628 sym_hi - ok
13:07:33.0968 3628 sym_u3 - ok
13:07:33.0984 3628 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:07:33.0984 3628 sysaudio - ok
13:07:34.0000 3628 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:07:34.0000 3628 SysmonLog - ok
13:07:34.0031 3628 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:07:34.0031 3628 TapiSrv - ok
13:07:34.0062 3628 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:07:34.0078 3628 Tcpip - ok
13:07:34.0109 3628 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:07:34.0109 3628 TDPIPE - ok
13:07:34.0125 3628 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:07:34.0125 3628 TDTCP - ok
13:07:34.0140 3628 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:07:34.0140 3628 TermDD - ok
13:07:34.0156 3628 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:07:34.0171 3628 TermService - ok
13:07:34.0171 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:07:34.0187 3628 Themes - ok
13:07:34.0187 3628 TosIde - ok
13:07:34.0203 3628 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:07:34.0218 3628 TrkWks - ok
13:07:34.0234 3628 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:07:34.0234 3628 Udfs - ok
13:07:34.0250 3628 ultra - ok
13:07:34.0265 3628 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:07:34.0265 3628 Update - ok
13:07:34.0281 3628 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:07:34.0296 3628 upnphost - ok
13:07:34.0296 3628 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:07:34.0312 3628 UPS - ok
13:07:34.0343 3628 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:07:34.0343 3628 usbccgp - ok
13:07:34.0343 3628 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:07:34.0359 3628 usbehci - ok
13:07:34.0359 3628 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:07:34.0375 3628 usbhub - ok
13:07:34.0375 3628 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:07:34.0390 3628 usbohci - ok
13:07:34.0406 3628 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:07:34.0421 3628 USBSTOR - ok
13:07:34.0437 3628 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:07:34.0437 3628 VgaSave - ok
13:07:34.0437 3628 ViaIde - ok
13:07:34.0453 3628 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:07:34.0468 3628 VolSnap - ok
13:07:34.0468 3628 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:07:34.0484 3628 VSS - ok
13:07:34.0515 3628 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:07:34.0515 3628 W32Time - ok
13:07:34.0531 3628 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:07:34.0531 3628 Wanarp - ok
13:07:34.0531 3628 WDICA - ok
13:07:34.0546 3628 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:07:34.0546 3628 wdmaud - ok
13:07:34.0562 3628 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:07:34.0578 3628 WebClient - ok
13:07:34.0625 3628 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:07:34.0625 3628 winmgmt - ok
13:07:34.0671 3628 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:07:34.0718 3628 WinRM - ok
13:07:34.0750 3628 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:07:34.0765 3628 WmdmPmSN - ok
13:07:34.0765 3628 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:07:34.0781 3628 WmiAcpi - ok
13:07:34.0796 3628 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:07:34.0812 3628 WmiApSrv - ok
13:07:34.0859 3628 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:07:34.0890 3628 WMPNetworkSvc - ok
13:07:35.0015 3628 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:07:35.0031 3628 WPFFontCache_v0400 - ok
13:07:35.0046 3628 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:07:35.0046 3628 WS2IFSL - ok
13:07:35.0078 3628 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:07:35.0093 3628 wscsvc - ok
13:07:35.0093 3628 WSearch - ok
13:07:35.0109 3628 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:07:35.0125 3628 wuauserv - ok
13:07:35.0140 3628 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:07:35.0140 3628 WudfPf - ok
13:07:35.0156 3628 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:07:35.0156 3628 WudfRd - ok
13:07:35.0171 3628 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:07:35.0171 3628 WudfSvc - ok
13:07:35.0203 3628 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:07:35.0218 3628 WZCSVC - ok
13:07:35.0250 3628 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:07:35.0250 3628 xmlprov - ok
13:07:35.0265 3628 ================ Scan global ===============================
13:07:35.0296 3628 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:07:35.0312 3628 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:07:35.0328 3628 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:07:35.0343 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:07:35.0343 3628 [Global] - ok
13:07:35.0343 3628 ================ Scan MBR ==================================
13:07:35.0359 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:07:35.0546 3628 \Device\Harddisk0\DR0 - ok
13:07:35.0546 3628 ================ Scan VBR ==================================
13:07:35.0546 3628 [ 33C082E40DC15856C0536CD94A4AE7FD ] \Device\Harddisk0\DR0\Partition1
13:07:35.0546 3628 \Device\Harddisk0\DR0\Partition1 - ok
13:07:35.0562 3628 [ 74496B1E5AD5A624A7DD5673AFCCE510 ] \Device\Harddisk0\DR0\Partition2
13:07:35.0562 3628 \Device\Harddisk0\DR0\Partition2 - ok
13:07:35.0578 3628 [ CE29CEE975AB8C06010C96D9C0442A73 ] \Device\Harddisk0\DR0\Partition3
13:07:35.0578 3628 \Device\Harddisk0\DR0\Partition3 - ok
13:07:35.0593 3628 [ 38A3AFAEDCD5529A6CDDA0229978AF82 ] \Device\Harddisk0\DR0\Partition4
13:07:35.0593 3628 \Device\Harddisk0\DR0\Partition4 - ok
13:07:35.0593 3628 ============================================================
13:07:35.0593 3628 Scan finished
13:07:35.0593 3628 ============================================================
13:07:35.0609 3148 Detected object count: 0
13:07:35.0609 3148 Actual detected object count: 0



Second pass with Detect TLDFS File System option selected (this was useful early on when I was trying to clean this system myself).

13:05:46.0109 2692 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:05:46.0812 2692 ============================================================
13:05:46.0812 2692 Current date / time: 2012/11/07 13:05:46.0812
13:05:46.0812 2692 SystemInfo:
13:05:46.0812 2692
13:05:46.0812 2692 OS Version: 5.1.2600 ServicePack: 3.0
13:05:46.0812 2692 Product type: Workstation
13:05:46.0812 2692 ComputerName: GRACE-EAC8E1A65
13:05:46.0812 2692 UserName: Grace
13:05:46.0812 2692 Windows directory: C:\WINDOWS
13:05:46.0812 2692 System windows directory: C:\WINDOWS
13:05:46.0812 2692 Processor architecture: Intel x86
13:05:46.0812 2692 Number of processors: 2
13:05:46.0812 2692 Page size: 0x1000
13:05:46.0812 2692 Boot type: Normal boot
13:05:46.0812 2692 ============================================================
13:05:48.0234 2692 Drive \Device\Harddisk0\DR0 - Size: 0xE8E09ADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
13:05:48.0250 2692 ============================================================
13:05:48.0250 2692 \Device\Harddisk0\DR0:
13:05:48.0250 2692 MBR partitions:
13:05:48.0250 2692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEA60903
13:05:48.0265 2692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xEA60981, BlocksNum 0x5DBF6E8
13:05:48.0281 2692 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x148200A8, BlocksNum 0x1388AFC
13:05:48.0296 2692 \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x15BA8BE3, BlocksNum 0x5EB5505C
13:05:48.0296 2692 ============================================================
13:05:48.0296 2692 C: <-> \Device\Harddisk0\DR0\Partition1
13:05:48.0343 2692 D: <-> \Device\Harddisk0\DR0\Partition2
13:05:48.0359 2692 E: <-> \Device\Harddisk0\DR0\Partition3
13:05:48.0390 2692 F: <-> \Device\Harddisk0\DR0\Partition4
13:05:48.0390 2692 ============================================================
13:05:48.0390 2692 Initialize success
13:05:48.0390 2692 ============================================================
13:07:26.0578 3628 ============================================================
13:07:26.0578 3628 Scan started
13:07:26.0578 3628 Mode: Manual;
13:07:26.0578 3628 ============================================================
13:07:27.0046 3628 ================ Scan system memory ========================
13:07:27.0062 3628 System memory - ok
13:07:27.0062 3628 ================ Scan services =============================
13:07:27.0140 3628 Abiosdsk - ok
13:07:27.0140 3628 abp480n5 - ok
13:07:27.0171 3628 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:07:27.0171 3628 ACPI - ok
13:07:27.0187 3628 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:07:27.0187 3628 ACPIEC - ok
13:07:27.0296 3628 [ EA91221CF2E4F89707014A8238AA3A61 ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
13:07:27.0328 3628 acssrv - ok
13:07:27.0343 3628 adpu160m - ok
13:07:27.0375 3628 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:07:27.0375 3628 aec - ok
13:07:27.0406 3628 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:07:27.0406 3628 AFD - ok
13:07:27.0421 3628 [ 14BA5CA5D11771CE8E8B6CC6830A2436 ] afw C:\WINDOWS\system32\DRIVERS\afw.sys
13:07:27.0500 3628 afw - ok
13:07:27.0515 3628 [ 1F3D61965A9BD278A205D3062176E45C ] afwcore C:\WINDOWS\system32\drivers\afwcore.sys
13:07:27.0625 3628 afwcore - ok
13:07:27.0625 3628 Aha154x - ok
13:07:27.0640 3628 aic78u2 - ok
13:07:27.0640 3628 aic78xx - ok
13:07:27.0656 3628 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:07:27.0656 3628 Alerter - ok
13:07:27.0671 3628 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:07:27.0671 3628 ALG - ok
13:07:27.0687 3628 AliIde - ok
13:07:27.0734 3628 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:07:27.0765 3628 Ambfilt - ok
13:07:27.0796 3628 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:07:27.0796 3628 AmdPPM - ok
13:07:27.0796 3628 amsint - ok
13:07:27.0812 3628 AppMgmt - ok
13:07:27.0828 3628 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:07:27.0828 3628 Arp1394 - ok
13:07:27.0828 3628 asc - ok
13:07:27.0828 3628 asc3350p - ok
13:07:27.0843 3628 asc3550 - ok
13:07:27.0875 3628 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:07:27.0890 3628 aspnet_state - ok
13:07:27.0906 3628 [ 722213A5C09B21C0E6E61F4082F0C683 ] ASWFilt C:\WINDOWS\system32\Filt\ASWFilt.dll
13:07:27.0906 3628 ASWFilt - ok
13:07:27.0937 3628 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
13:07:28.0031 3628 aswSnx - ok
13:07:28.0046 3628 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:07:28.0046 3628 AsyncMac - ok
13:07:28.0062 3628 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:07:28.0078 3628 atapi - ok
13:07:28.0078 3628 Atdisk - ok
13:07:28.0109 3628 [ 96C29C702A9CCD372BA097F3F8B5AC80 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:07:28.0218 3628 Ati HotKey Poller - ok
13:07:28.0281 3628 [ C4828A671467C6FB43F2E6D54B5950EE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:07:28.0500 3628 ati2mtag - ok
13:07:28.0500 3628 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:07:28.0515 3628 Atmarpc - ok
13:07:28.0515 3628 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:07:28.0531 3628 AudioSrv - ok
13:07:28.0546 3628 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:07:28.0546 3628 audstub - ok
13:07:28.0562 3628 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:07:28.0562 3628 Beep - ok
13:07:28.0593 3628 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:07:28.0609 3628 BITS - ok
13:07:28.0625 3628 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:07:28.0703 3628 Browser - ok
13:07:28.0718 3628 catchme - ok
13:07:28.0734 3628 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:07:28.0734 3628 cbidf2k - ok
13:07:28.0750 3628 cd20xrnt - ok
13:07:28.0765 3628 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:07:28.0765 3628 Cdaudio - ok
13:07:28.0781 3628 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:07:28.0781 3628 Cdfs - ok
13:07:28.0781 3628 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:07:28.0781 3628 Cdrom - ok
13:07:28.0781 3628 Changer - ok
13:07:28.0796 3628 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:07:28.0812 3628 CiSvc - ok
13:07:28.0812 3628 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:07:28.0812 3628 ClipSrv - ok
13:07:28.0859 3628 [ 5724D9ECBF2A378EBF85FDC3BDA01F98 ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
13:07:28.0937 3628 CLPSLauncher - ok
13:07:28.0953 3628 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:07:28.0984 3628 clr_optimization_v2.0.50727_32 - ok
13:07:29.0046 3628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:07:29.0046 3628 clr_optimization_v4.0.30319_32 - ok
13:07:29.0109 3628 [ 33BB8CAE8C960454F8D9031FA11003EB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:07:29.0125 3628 cmdAgent - ok
13:07:29.0140 3628 [ C6DAE39091BD55FE2F96A9E7D33BF2A8 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
13:07:29.0234 3628 cmderd - ok
13:07:29.0234 3628 [ D3ADE6B42AC9020BB24179770A284E10 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
13:07:29.0343 3628 cmdGuard - ok
13:07:29.0343 3628 CmdIde - ok
13:07:29.0343 3628 COMSysApp - ok
13:07:29.0359 3628 Cpqarray - ok
13:07:29.0375 3628 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:07:29.0375 3628 CryptSvc - ok
13:07:29.0375 3628 dac2w2k - ok
13:07:29.0390 3628 dac960nt - ok
13:07:29.0421 3628 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:07:29.0421 3628 DcomLaunch - ok
13:07:29.0453 3628 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:07:29.0453 3628 Dhcp - ok
13:07:29.0453 3628 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:07:29.0453 3628 Disk - ok
13:07:29.0468 3628 dmadmin - ok
13:07:29.0484 3628 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:07:29.0500 3628 dmboot - ok
13:07:29.0515 3628 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:07:29.0515 3628 dmio - ok
13:07:29.0531 3628 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:07:29.0531 3628 dmload - ok
13:07:29.0546 3628 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:07:29.0546 3628 dmserver - ok
13:07:29.0562 3628 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:07:29.0562 3628 DMusic - ok
13:07:29.0593 3628 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:07:29.0593 3628 Dnscache - ok
13:07:29.0609 3628 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:07:29.0609 3628 Dot3svc - ok
13:07:29.0625 3628 dpti2o - ok
13:07:29.0671 3628 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
13:07:29.0718 3628 DragonUpdater - ok
13:07:29.0734 3628 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:07:29.0734 3628 drmkaud - ok
13:07:29.0750 3628 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:07:29.0750 3628 EapHost - ok
13:07:29.0765 3628 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:07:29.0765 3628 ERSvc - ok
13:07:29.0781 3628 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
13:07:29.0859 3628 ES lite Service - ok
13:07:29.0890 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:07:29.0890 3628 Eventlog - ok
13:07:29.0906 3628 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:07:29.0921 3628 EventSystem - ok
13:07:29.0937 3628 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:07:29.0937 3628 Fastfat - ok
13:07:29.0953 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:07:29.0968 3628 FastUserSwitchingCompatibility - ok
13:07:29.0968 3628 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:07:29.0984 3628 Fdc - ok
13:07:29.0984 3628 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:07:30.0000 3628 Fips - ok
13:07:30.0000 3628 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:07:30.0000 3628 Flpydisk - ok
13:07:30.0015 3628 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:07:30.0015 3628 FltMgr - ok
13:07:30.0046 3628 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:07:30.0046 3628 FontCache3.0.0.0 - ok
13:07:30.0062 3628 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:07:30.0062 3628 Fs_Rec - ok
13:07:30.0093 3628 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:07:30.0093 3628 Ftdisk - ok
13:07:30.0093 3628 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
13:07:30.0218 3628 gdrv - ok
13:07:30.0250 3628 [ 31B5C233933CAF0FB1499F458F04FD9A ] GeekBuddyRSP C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
13:07:30.0375 3628 GeekBuddyRSP - ok
13:07:30.0390 3628 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:07:30.0390 3628 Gpc - ok
13:07:30.0406 3628 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:07:30.0406 3628 HDAudBus - ok
13:07:30.0437 3628 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:07:30.0437 3628 helpsvc - ok
13:07:30.0453 3628 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:07:30.0453 3628 HidServ - ok
13:07:30.0468 3628 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:07:30.0468 3628 HidUsb - ok
13:07:30.0484 3628 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:07:30.0484 3628 hkmsvc - ok
13:07:30.0500 3628 hpn - ok
13:07:30.0515 3628 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:07:30.0531 3628 HTTP - ok
13:07:30.0546 3628 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:07:30.0562 3628 HTTPFilter - ok
13:07:30.0562 3628 i2omgmt - ok
13:07:30.0562 3628 i2omp - ok
13:07:30.0593 3628 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:07:30.0609 3628 i8042prt - ok
13:07:30.0671 3628 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:07:30.0687 3628 idsvc - ok
13:07:30.0687 3628 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:07:30.0687 3628 Imapi - ok
13:07:30.0718 3628 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:07:30.0718 3628 ImapiService - ok
13:07:30.0734 3628 ini910u - ok
13:07:30.0859 3628 [ E8656858D8B2DA7C9CF59FB4E5CE32ED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:07:31.0203 3628 IntcAzAudAddService - ok
13:07:31.0218 3628 IntelIde - ok
13:07:31.0234 3628 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:07:31.0234 3628 Ip6Fw - ok
13:07:31.0265 3628 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:07:31.0265 3628 IpFilterDriver - ok
13:07:31.0265 3628 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:07:31.0281 3628 IpInIp - ok
13:07:31.0281 3628 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:07:31.0281 3628 IpNat - ok
13:07:31.0296 3628 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:07:31.0296 3628 IPSec - ok
13:07:31.0328 3628 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:07:31.0328 3628 IRENUM - ok
13:07:31.0343 3628 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:07:31.0343 3628 isapnp - ok
13:07:31.0390 3628 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:07:31.0390 3628 JavaQuickStarterService - ok
13:07:31.0406 3628 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:07:31.0406 3628 Kbdclass - ok
13:07:31.0406 3628 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:07:31.0406 3628 kbdhid - ok
13:07:31.0421 3628 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:07:31.0437 3628 kmixer - ok
13:07:31.0453 3628 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:07:31.0453 3628 KSecDD - ok
13:07:31.0453 3628 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:07:31.0546 3628 LanmanServer - ok
13:07:31.0562 3628 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:07:31.0578 3628 lanmanworkstation - ok
13:07:31.0578 3628 lbrtfdc - ok
13:07:31.0593 3628 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:07:31.0593 3628 LmHosts - ok
13:07:31.0609 3628 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:07:31.0609 3628 Messenger - ok
13:07:31.0625 3628 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:07:31.0640 3628 mnmdd - ok
13:07:31.0640 3628 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:07:31.0656 3628 mnmsrvc - ok
13:07:31.0656 3628 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:07:31.0656 3628 Modem - ok
13:07:31.0703 3628 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:07:31.0718 3628 Monfilt - ok
13:07:31.0734 3628 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:07:31.0734 3628 Mouclass - ok
13:07:31.0750 3628 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:07:31.0750 3628 mouhid - ok
13:07:31.0765 3628 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:07:31.0765 3628 MountMgr - ok
13:07:31.0796 3628 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:07:31.0796 3628 MozillaMaintenance - ok
13:07:31.0812 3628 mraid35x - ok
13:07:31.0812 3628 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:07:31.0812 3628 MRxDAV - ok
13:07:31.0859 3628 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:07:31.0859 3628 MRxSmb - ok
13:07:31.0875 3628 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:07:31.0890 3628 MSDTC - ok
13:07:31.0890 3628 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:07:31.0890 3628 Msfs - ok
13:07:31.0906 3628 MSIServer - ok
13:07:31.0921 3628 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:07:31.0921 3628 MSKSSRV - ok
13:07:31.0937 3628 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:07:31.0937 3628 MSPCLOCK - ok
13:07:31.0937 3628 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:07:31.0937 3628 MSPQM - ok
13:07:31.0953 3628 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:07:31.0953 3628 mssmbios - ok
13:07:31.0968 3628 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:07:32.0062 3628 Mup - ok
13:07:32.0078 3628 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:07:32.0093 3628 napagent - ok
13:07:32.0109 3628 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:07:32.0109 3628 NDIS - ok
13:07:32.0125 3628 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:07:32.0140 3628 NdisTapi - ok
13:07:32.0156 3628 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:07:32.0156 3628 Ndisuio - ok
13:07:32.0156 3628 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:07:32.0171 3628 NdisWan - ok
13:07:32.0171 3628 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:07:32.0250 3628 NDProxy - ok
13:07:32.0250 3628 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:07:32.0250 3628 NetBIOS - ok
13:07:32.0265 3628 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:07:32.0265 3628 NetBT - ok
13:07:32.0281 3628 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:07:32.0281 3628 NetDDE - ok
13:07:32.0296 3628 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:07:32.0296 3628 NetDDEdsdm - ok
13:07:32.0312 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:07:32.0328 3628 Netlogon - ok
13:07:32.0359 3628 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:07:32.0359 3628 Netman - ok
13:07:32.0406 3628 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:07:32.0406 3628 NetTcpPortSharing - ok
13:07:32.0421 3628 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:07:32.0421 3628 NIC1394 - ok
13:07:32.0453 3628 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:07:32.0453 3628 Nla - ok
13:07:32.0453 3628 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:07:32.0453 3628 Npfs - ok
13:07:32.0468 3628 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:07:32.0484 3628 Ntfs - ok
13:07:32.0484 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:07:32.0484 3628 NtLmSsp - ok
13:07:32.0500 3628 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:07:32.0515 3628 NtmsSvc - ok
13:07:32.0531 3628 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:07:32.0531 3628 Null - ok
13:07:32.0562 3628 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:07:32.0562 3628 NwlnkFlt - ok
13:07:32.0562 3628 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:07:32.0562 3628 NwlnkFwd - ok
13:07:32.0578 3628 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:07:32.0593 3628 ohci1394 - ok
13:07:32.0593 3628 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:07:32.0609 3628 Parport - ok
13:07:32.0609 3628 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:07:32.0609 3628 PartMgr - ok
13:07:32.0640 3628 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:07:32.0640 3628 ParVdm - ok
13:07:32.0656 3628 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:07:32.0656 3628 PCI - ok
13:07:32.0656 3628 PCIDump - ok
13:07:32.0656 3628 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:07:32.0656 3628 PCIIde - ok
13:07:32.0687 3628 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:07:32.0687 3628 Pcmcia - ok
13:07:32.0687 3628 PDCOMP - ok
13:07:32.0687 3628 PDFRAME - ok
13:07:32.0703 3628 PDRELI - ok
13:07:32.0703 3628 PDRFRAME - ok
13:07:32.0703 3628 perc2 - ok
13:07:32.0718 3628 perc2hib - ok
13:07:32.0734 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:07:32.0750 3628 PlugPlay - ok
13:07:32.0750 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:07:32.0750 3628 PolicyAgent - ok
13:07:32.0781 3628 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:07:32.0781 3628 PptpMiniport - ok
13:07:32.0796 3628 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:07:32.0796 3628 Processor - ok
13:07:32.0796 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:07:32.0812 3628 ProtectedStorage - ok
13:07:32.0812 3628 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:07:32.0812 3628 PSched - ok
13:07:32.0812 3628 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:07:32.0828 3628 Ptilink - ok
13:07:32.0828 3628 ql1080 - ok
13:07:32.0828 3628 Ql10wnt - ok
13:07:32.0828 3628 ql12160 - ok
13:07:32.0843 3628 ql1240 - ok
13:07:32.0843 3628 ql1280 - ok
13:07:32.0859 3628 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:07:32.0859 3628 RasAcd - ok
13:07:32.0875 3628 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:07:32.0875 3628 RasAuto - ok
13:07:32.0875 3628 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:07:32.0890 3628 Rasl2tp - ok
13:07:32.0906 3628 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:07:32.0906 3628 RasMan - ok
13:07:32.0921 3628 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:07:32.0921 3628 RasPppoe - ok
13:07:32.0921 3628 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:07:32.0937 3628 Raspti - ok
13:07:32.0937 3628 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:07:32.0937 3628 Rdbss - ok
13:07:32.0953 3628 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:07:32.0953 3628 RDPCDD - ok
13:07:32.0984 3628 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:07:33.0062 3628 RDPWD - ok
13:07:33.0093 3628 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:07:33.0093 3628 RDSessMgr - ok
13:07:33.0125 3628 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:07:33.0140 3628 redbook - ok
13:07:33.0140 3628 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:07:33.0156 3628 RemoteAccess - ok
13:07:33.0171 3628 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:07:33.0171 3628 RpcLocator - ok
13:07:33.0203 3628 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:07:33.0203 3628 RpcSs - ok
13:07:33.0218 3628 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:07:33.0218 3628 RSVP - ok
13:07:33.0312 3628 [ 3CF6631543C743C29A369287EA67FFE6 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
13:07:33.0390 3628 RTHDMIAzAudService - ok
13:07:33.0406 3628 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:07:33.0406 3628 RTLE8023xp - ok
13:07:33.0406 3628 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:07:33.0421 3628 SamSs - ok
13:07:33.0437 3628 [ E5118CD3FEEDE70318A78D7D7A613DA9 ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
13:07:33.0453 3628 SandBox - ok
13:07:33.0468 3628 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:07:33.0484 3628 SCardSvr - ok
13:07:33.0500 3628 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:07:33.0515 3628 Schedule - ok
13:07:33.0515 3628 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:07:33.0515 3628 Secdrv - ok
13:07:33.0546 3628 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:07:33.0546 3628 seclogon - ok
13:07:33.0546 3628 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:07:33.0562 3628 SENS - ok
13:07:33.0578 3628 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:07:33.0578 3628 serenum - ok
13:07:33.0578 3628 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:07:33.0593 3628 Serial - ok
13:07:33.0625 3628 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:07:33.0625 3628 Sfloppy - ok
13:07:33.0640 3628 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:07:33.0640 3628 SharedAccess - ok
13:07:33.0656 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:07:33.0656 3628 ShellHWDetection - ok
13:07:33.0671 3628 Simbad - ok
13:07:33.0671 3628 Sparrow - ok
13:07:33.0687 3628 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:07:33.0687 3628 splitter - ok
13:07:33.0718 3628 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:07:33.0796 3628 Spooler - ok
13:07:33.0828 3628 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:07:33.0828 3628 sr - ok
13:07:33.0843 3628 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:07:33.0843 3628 srservice - ok
13:07:33.0859 3628 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:07:33.0875 3628 Srv - ok
13:07:33.0890 3628 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:07:33.0890 3628 SSDPSRV - ok
13:07:33.0906 3628 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:07:33.0921 3628 stisvc - ok
13:07:33.0921 3628 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:07:33.0921 3628 swenum - ok
13:07:33.0937 3628 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:07:33.0937 3628 swmidi - ok
13:07:33.0937 3628 SwPrv - ok
13:07:33.0953 3628 symc810 - ok
13:07:33.0953 3628 symc8xx - ok
13:07:33.0953 3628 sym_hi - ok
13:07:33.0968 3628 sym_u3 - ok
13:07:33.0984 3628 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:07:33.0984 3628 sysaudio - ok
13:07:34.0000 3628 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:07:34.0000 3628 SysmonLog - ok
13:07:34.0031 3628 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:07:34.0031 3628 TapiSrv - ok
13:07:34.0062 3628 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:07:34.0078 3628 Tcpip - ok
13:07:34.0109 3628 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:07:34.0109 3628 TDPIPE - ok
13:07:34.0125 3628 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:07:34.0125 3628 TDTCP - ok
13:07:34.0140 3628 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:07:34.0140 3628 TermDD - ok
13:07:34.0156 3628 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:07:34.0171 3628 TermService - ok
13:07:34.0171 3628 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:07:34.0187 3628 Themes - ok
13:07:34.0187 3628 TosIde - ok
13:07:34.0203 3628 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:07:34.0218 3628 TrkWks - ok
13:07:34.0234 3628 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:07:34.0234 3628 Udfs - ok
13:07:34.0250 3628 ultra - ok
13:07:34.0265 3628 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:07:34.0265 3628 Update - ok
13:07:34.0281 3628 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:07:34.0296 3628 upnphost - ok
13:07:34.0296 3628 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:07:34.0312 3628 UPS - ok
13:07:34.0343 3628 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:07:34.0343 3628 usbccgp - ok
13:07:34.0343 3628 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:07:34.0359 3628 usbehci - ok
13:07:34.0359 3628 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:07:34.0375 3628 usbhub - ok
13:07:34.0375 3628 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:07:34.0390 3628 usbohci - ok
13:07:34.0406 3628 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:07:34.0421 3628 USBSTOR - ok
13:07:34.0437 3628 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:07:34.0437 3628 VgaSave - ok
13:07:34.0437 3628 ViaIde - ok
13:07:34.0453 3628 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:07:34.0468 3628 VolSnap - ok
13:07:34.0468 3628 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:07:34.0484 3628 VSS - ok
13:07:34.0515 3628 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:07:34.0515 3628 W32Time - ok
13:07:34.0531 3628 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:07:34.0531 3628 Wanarp - ok
13:07:34.0531 3628 WDICA - ok
13:07:34.0546 3628 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:07:34.0546 3628 wdmaud - ok
13:07:34.0562 3628 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:07:34.0578 3628 WebClient - ok
13:07:34.0625 3628 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:07:34.0625 3628 winmgmt - ok
13:07:34.0671 3628 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:07:34.0718 3628 WinRM - ok
13:07:34.0750 3628 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:07:34.0765 3628 WmdmPmSN - ok
13:07:34.0765 3628 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:07:34.0781 3628 WmiAcpi - ok
13:07:34.0796 3628 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:07:34.0812 3628 WmiApSrv - ok
13:07:34.0859 3628 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:07:34.0890 3628 WMPNetworkSvc - ok
13:07:35.0015 3628 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:07:35.0031 3628 WPFFontCache_v0400 - ok
13:07:35.0046 3628 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:07:35.0046 3628 WS2IFSL - ok
13:07:35.0078 3628 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:07:35.0093 3628 wscsvc - ok
13:07:35.0093 3628 WSearch - ok
13:07:35.0109 3628 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:07:35.0125 3628 wuauserv - ok
13:07:35.0140 3628 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:07:35.0140 3628 WudfPf - ok
13:07:35.0156 3628 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:07:35.0156 3628 WudfRd - ok
13:07:35.0171 3628 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:07:35.0171 3628 WudfSvc - ok
13:07:35.0203 3628 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:07:35.0218 3628 WZCSVC - ok
13:07:35.0250 3628 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:07:35.0250 3628 xmlprov - ok
13:07:35.0265 3628 ================ Scan global ===============================
13:07:35.0296 3628 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:07:35.0312 3628 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:07:35.0328 3628 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:07:35.0343 3628 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:07:35.0343 3628 [Global] - ok
13:07:35.0343 3628 ================ Scan MBR ==================================
13:07:35.0359 3628 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:07:35.0546 3628 \Device\Harddisk0\DR0 - ok
13:07:35.0546 3628 ================ Scan VBR ==================================
13:07:35.0546 3628 [ 33C082E40DC15856C0536CD94A4AE7FD ] \Device\Harddisk0\DR0\Partition1
13:07:35.0546 3628 \Device\Harddisk0\DR0\Partition1 - ok
13:07:35.0562 3628 [ 74496B1E5AD5A624A7DD5673AFCCE510 ] \Device\Harddisk0\DR0\Partition2
13:07:35.0562 3628 \Device\Harddisk0\DR0\Partition2 - ok
13:07:35.0578 3628 [ CE29CEE975AB8C06010C96D9C0442A73 ] \Device\Harddisk0\DR0\Partition3
13:07:35.0578 3628 \Device\Harddisk0\DR0\Partition3 - ok
13:07:35.0593 3628 [ 38A3AFAEDCD5529A6CDDA0229978AF82 ] \Device\Harddisk0\DR0\Partition4
13:07:35.0593 3628 \Device\Harddisk0\DR0\Partition4 - ok
13:07:35.0593 3628 ============================================================
13:07:35.0593 3628 Scan finished
13:07:35.0593 3628 ============================================================
13:07:35.0609 3148 Detected object count: 0
13:07:35.0609 3148 Actual detected object count: 0
13:12:05.0078 3200 ============================================================
13:12:05.0078 3200 Scan started
13:12:05.0078 3200 Mode: Manual; TDLFS;
13:12:05.0078 3200 ============================================================
13:12:05.0609 3200 ================ Scan system memory ========================
13:12:05.0609 3200 System memory - ok
13:12:05.0609 3200 ================ Scan services =============================
13:12:05.0671 3200 Abiosdsk - ok
13:12:05.0671 3200 abp480n5 - ok
13:12:05.0703 3200 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
13:12:05.0703 3200 ACPI - ok
13:12:05.0718 3200 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
13:12:05.0734 3200 ACPIEC - ok
13:12:05.0796 3200 [ EA91221CF2E4F89707014A8238AA3A61 ] acssrv C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
13:12:05.0812 3200 acssrv - ok
13:12:05.0812 3200 adpu160m - ok
13:12:05.0859 3200 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
13:12:05.0859 3200 aec - ok
13:12:05.0890 3200 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
13:12:05.0890 3200 AFD - ok
13:12:05.0906 3200 [ 14BA5CA5D11771CE8E8B6CC6830A2436 ] afw C:\WINDOWS\system32\DRIVERS\afw.sys
13:12:05.0906 3200 afw - ok
13:12:05.0921 3200 [ 1F3D61965A9BD278A205D3062176E45C ] afwcore C:\WINDOWS\system32\drivers\afwcore.sys
13:12:05.0921 3200 afwcore - ok
13:12:05.0921 3200 Aha154x - ok
13:12:05.0937 3200 aic78u2 - ok
13:12:05.0937 3200 aic78xx - ok
13:12:05.0953 3200 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
13:12:05.0953 3200 Alerter - ok
13:12:05.0968 3200 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
13:12:05.0968 3200 ALG - ok
13:12:05.0984 3200 AliIde - ok
13:12:06.0031 3200 [ F6AF59D6EEE5E1C304F7F73706AD11D8 ] Ambfilt C:\WINDOWS\system32\drivers\Ambfilt.sys
13:12:06.0031 3200 Ambfilt - ok
13:12:06.0062 3200 [ 033448D435E65C4BD72E70521FD05C76 ] AmdPPM C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
13:12:06.0062 3200 AmdPPM - ok
13:12:06.0062 3200 amsint - ok
13:12:06.0062 3200 AppMgmt - ok
13:12:06.0093 3200 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
13:12:06.0093 3200 Arp1394 - ok
13:12:06.0093 3200 asc - ok
13:12:06.0093 3200 asc3350p - ok
13:12:06.0093 3200 asc3550 - ok
13:12:06.0140 3200 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
13:12:06.0140 3200 aspnet_state - ok
13:12:06.0156 3200 [ 722213A5C09B21C0E6E61F4082F0C683 ] ASWFilt C:\WINDOWS\system32\Filt\ASWFilt.dll
13:12:06.0156 3200 ASWFilt - ok
13:12:06.0187 3200 [ 6C8B09E245795E98B6BCC983D0AA4D26 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
13:12:06.0187 3200 aswSnx - ok
13:12:06.0203 3200 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
13:12:06.0203 3200 AsyncMac - ok
13:12:06.0203 3200 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
13:12:06.0203 3200 atapi - ok
13:12:06.0218 3200 Atdisk - ok
13:12:06.0250 3200 [ 96C29C702A9CCD372BA097F3F8B5AC80 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
13:12:06.0250 3200 Ati HotKey Poller - ok
13:12:06.0328 3200 [ C4828A671467C6FB43F2E6D54B5950EE ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
13:12:06.0343 3200 ati2mtag - ok
13:12:06.0359 3200 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
13:12:06.0359 3200 Atmarpc - ok
13:12:06.0375 3200 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
13:12:06.0375 3200 AudioSrv - ok
13:12:06.0390 3200 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
13:12:06.0390 3200 audstub - ok
13:12:06.0421 3200 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
13:12:06.0421 3200 Beep - ok
13:12:06.0453 3200 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
13:12:06.0453 3200 BITS - ok
13:12:06.0468 3200 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
13:12:06.0468 3200 Browser - ok
13:12:06.0484 3200 catchme - ok
13:12:06.0515 3200 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
13:12:06.0515 3200 cbidf2k - ok
13:12:06.0515 3200 cd20xrnt - ok
13:12:06.0546 3200 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
13:12:06.0546 3200 Cdaudio - ok
13:12:06.0546 3200 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
13:12:06.0546 3200 Cdfs - ok
13:12:06.0546 3200 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
13:12:06.0562 3200 Cdrom - ok
13:12:06.0562 3200 Changer - ok
13:12:06.0578 3200 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
13:12:06.0578 3200 CiSvc - ok
13:12:06.0578 3200 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
13:12:06.0578 3200 ClipSrv - ok
13:12:06.0625 3200 [ 5724D9ECBF2A378EBF85FDC3BDA01F98 ] CLPSLauncher C:\Program Files\Common Files\Comodo\launcher_service.exe
13:12:06.0625 3200 CLPSLauncher - ok
13:12:06.0640 3200 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:12:06.0640 3200 clr_optimization_v2.0.50727_32 - ok
13:12:06.0703 3200 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:12:06.0703 3200 clr_optimization_v4.0.30319_32 - ok
13:12:06.0781 3200 [ 33BB8CAE8C960454F8D9031FA11003EB ] cmdAgent C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
13:12:06.0796 3200 cmdAgent - ok
13:12:06.0812 3200 [ C6DAE39091BD55FE2F96A9E7D33BF2A8 ] cmderd C:\WINDOWS\system32\DRIVERS\cmderd.sys
13:12:06.0812 3200 cmderd - ok
13:12:06.0828 3200 [ D3ADE6B42AC9020BB24179770A284E10 ] cmdGuard C:\WINDOWS\system32\DRIVERS\cmdguard.sys
13:12:06.0828 3200 cmdGuard - ok
13:12:06.0828 3200 CmdIde - ok
13:12:06.0828 3200 COMSysApp - ok
13:12:06.0843 3200 Cpqarray - ok
13:12:06.0859 3200 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
13:12:06.0859 3200 CryptSvc - ok
13:12:06.0859 3200 dac2w2k - ok
13:12:06.0875 3200 dac960nt - ok
13:12:06.0890 3200 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
13:12:06.0906 3200 DcomLaunch - ok
13:12:06.0921 3200 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
13:12:06.0921 3200 Dhcp - ok
13:12:06.0921 3200 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
13:12:06.0921 3200 Disk - ok
13:12:06.0937 3200 dmadmin - ok
13:12:06.0953 3200 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
13:12:06.0968 3200 dmboot - ok
13:12:06.0984 3200 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
13:12:06.0984 3200 dmio - ok
13:12:07.0000 3200 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
13:12:07.0000 3200 dmload - ok
13:12:07.0015 3200 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
13:12:07.0015 3200 dmserver - ok
13:12:07.0031 3200 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
13:12:07.0031 3200 DMusic - ok
13:12:07.0062 3200 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
13:12:07.0062 3200 Dnscache - ok
13:12:07.0078 3200 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
13:12:07.0093 3200 Dot3svc - ok
13:12:07.0093 3200 dpti2o - ok
13:12:07.0156 3200 [ 28A88BB61B6B4A352729BA22BD2D2604 ] DragonUpdater C:\Program Files\Comodo\Dragon\dragon_updater.exe
13:12:07.0156 3200 DragonUpdater - ok
13:12:07.0171 3200 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
13:12:07.0171 3200 drmkaud - ok
13:12:07.0187 3200 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
13:12:07.0187 3200 EapHost - ok
13:12:07.0203 3200 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
13:12:07.0203 3200 ERSvc - ok
13:12:07.0218 3200 [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
13:12:07.0218 3200 ES lite Service - ok
13:12:07.0250 3200 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
13:12:07.0250 3200 Eventlog - ok
13:12:07.0265 3200 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
13:12:07.0265 3200 EventSystem - ok
13:12:07.0281 3200 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
13:12:07.0281 3200 Fastfat - ok
13:12:07.0296 3200 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
13:12:07.0296 3200 FastUserSwitchingCompatibility - ok
13:12:07.0312 3200 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys
13:12:07.0312 3200 Fdc - ok
13:12:07.0328 3200 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
13:12:07.0328 3200 Fips - ok
13:12:07.0343 3200 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
13:12:07.0343 3200 Flpydisk - ok
13:12:07.0359 3200 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
13:12:07.0359 3200 FltMgr - ok
13:12:07.0375 3200 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
13:12:07.0375 3200 FontCache3.0.0.0 - ok
13:12:07.0390 3200 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
13:12:07.0390 3200 Fs_Rec - ok
13:12:07.0406 3200 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
13:12:07.0406 3200 Ftdisk - ok
13:12:07.0421 3200 [ D556CB79967E92B5CC69686D16C1D846 ] gdrv C:\WINDOWS\gdrv.sys
13:12:07.0421 3200 gdrv - ok
13:12:07.0468 3200 [ 31B5C233933CAF0FB1499F458F04FD9A ] GeekBuddyRSP C:\Program Files\Common Files\Comodo\GeekBuddyRSP.exe
13:12:07.0484 3200 GeekBuddyRSP - ok
13:12:07.0484 3200 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
13:12:07.0484 3200 Gpc - ok
13:12:07.0500 3200 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
13:12:07.0500 3200 HDAudBus - ok
13:12:07.0531 3200 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
13:12:07.0531 3200 helpsvc - ok
13:12:07.0546 3200 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
13:12:07.0546 3200 HidServ - ok
13:12:07.0562 3200 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
13:12:07.0562 3200 HidUsb - ok
13:12:07.0578 3200 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
13:12:07.0578 3200 hkmsvc - ok
13:12:07.0593 3200 hpn - ok
13:12:07.0609 3200 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
13:12:07.0625 3200 HTTP - ok
13:12:07.0640 3200 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
13:12:07.0656 3200 HTTPFilter - ok
13:12:07.0656 3200 i2omgmt - ok
13:12:07.0671 3200 i2omp - ok
13:12:07.0703 3200 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
13:12:07.0703 3200 i8042prt - ok
13:12:07.0750 3200 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:12:07.0750 3200 idsvc - ok
13:12:07.0750 3200 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
13:12:07.0750 3200 Imapi - ok
13:12:07.0781 3200 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
13:12:07.0781 3200 ImapiService - ok
13:12:07.0781 3200 ini910u - ok
13:12:07.0906 3200 [ E8656858D8B2DA7C9CF59FB4E5CE32ED ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
13:12:07.0937 3200 IntcAzAudAddService - ok
13:12:07.0937 3200 IntelIde - ok
13:12:07.0953 3200 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
13:12:07.0953 3200 Ip6Fw - ok
13:12:07.0984 3200 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
13:12:07.0984 3200 IpFilterDriver - ok
13:12:07.0984 3200 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
13:12:07.0984 3200 IpInIp - ok
13:12:08.0000 3200 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
13:12:08.0015 3200 IpNat - ok
13:12:08.0015 3200 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
13:12:08.0015 3200 IPSec - ok
13:12:08.0046 3200 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
13:12:08.0046 3200 IRENUM - ok
13:12:08.0078 3200 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
13:12:08.0078 3200 isapnp - ok
13:12:08.0109 3200 [ B591E761161D1EF547D76EF236EAA6A5 ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
13:12:08.0109 3200 JavaQuickStarterService - ok
13:12:08.0125 3200 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
13:12:08.0125 3200 Kbdclass - ok
13:12:08.0125 3200 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
13:12:08.0125 3200 kbdhid - ok
13:12:08.0140 3200 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
13:12:08.0156 3200 kmixer - ok
13:12:08.0171 3200 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
13:12:08.0171 3200 KSecDD - ok
13:12:08.0187 3200 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
13:12:08.0203 3200 LanmanServer - ok
13:12:08.0218 3200 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
13:12:08.0218 3200 lanmanworkstation - ok
13:12:08.0234 3200 lbrtfdc - ok
13:12:08.0250 3200 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
13:12:08.0250 3200 LmHosts - ok
13:12:08.0265 3200 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
13:12:08.0265 3200 Messenger - ok
13:12:08.0281 3200 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
13:12:08.0281 3200 mnmdd - ok
13:12:08.0296 3200 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
13:12:08.0296 3200 mnmsrvc - ok
13:12:08.0312 3200 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
13:12:08.0312 3200 Modem - ok
13:12:08.0343 3200 [ 9FA7207D1B1ADEAD88AE8EED9CDBBAA5 ] Monfilt C:\WINDOWS\system32\drivers\Monfilt.sys
13:12:08.0359 3200 Monfilt - ok
13:12:08.0375 3200 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
13:12:08.0375 3200 Mouclass - ok
13:12:08.0390 3200 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
13:12:08.0390 3200 mouhid - ok
13:12:08.0390 3200 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
13:12:08.0390 3200 MountMgr - ok
13:12:08.0421 3200 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:12:08.0437 3200 MozillaMaintenance - ok
13:12:08.0437 3200 mraid35x - ok
13:12:08.0437 3200 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
13:12:08.0437 3200 MRxDAV - ok
13:12:08.0484 3200 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
13:12:08.0484 3200 MRxSmb - ok
13:12:08.0515 3200 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
13:12:08.0515 3200 MSDTC - ok
13:12:08.0515 3200 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
13:12:08.0531 3200 Msfs - ok
13:12:08.0531 3200 MSIServer - ok
13:12:08.0546 3200 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
13:12:08.0546 3200 MSKSSRV - ok
13:12:08.0562 3200 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
13:12:08.0562 3200 MSPCLOCK - ok
13:12:08.0578 3200 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
13:12:08.0578 3200 MSPQM - ok
13:12:08.0578 3200 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
13:12:08.0593 3200 mssmbios - ok
13:12:08.0609 3200 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
13:12:08.0609 3200 Mup - ok
13:12:08.0625 3200 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
13:12:08.0625 3200 napagent - ok
13:12:08.0640 3200 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
13:12:08.0656 3200 NDIS - ok
13:12:08.0671 3200 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
13:12:08.0671 3200 NdisTapi - ok
13:12:08.0703 3200 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
13:12:08.0703 3200 Ndisuio - ok
13:12:08.0703 3200 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
13:12:08.0703 3200 NdisWan - ok
13:12:08.0703 3200 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
13:12:08.0703 3200 NDProxy - ok
13:12:08.0718 3200 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
13:12:08.0718 3200 NetBIOS - ok
13:12:08.0718 3200 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
13:12:08.0718 3200 NetBT - ok
13:12:08.0750 3200 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
13:12:08.0750 3200 NetDDE - ok
13:12:08.0750 3200 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
13:12:08.0765 3200 NetDDEdsdm - ok
13:12:08.0765 3200 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
13:12:08.0781 3200 Netlogon - ok
13:12:08.0812 3200 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
13:12:08.0812 3200 Netman - ok
13:12:08.0859 3200 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:12:08.0859 3200 NetTcpPortSharing - ok
13:12:08.0875 3200 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
13:12:08.0875 3200 NIC1394 - ok
13:12:08.0906 3200 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
13:12:08.0906 3200 Nla - ok
13:12:08.0906 3200 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
13:12:08.0906 3200 Npfs - ok
13:12:08.0921 3200 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
13:12:08.0937 3200 Ntfs - ok
13:12:08.0937 3200 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
13:12:08.0937 3200 NtLmSsp - ok
13:12:08.0953 3200 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
13:12:08.0968 3200 NtmsSvc - ok
13:12:08.0968 3200 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
13:12:08.0968 3200 Null - ok
13:12:09.0000 3200 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
13:12:09.0000 3200 NwlnkFlt - ok
13:12:09.0000 3200 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
13:12:09.0000 3200 NwlnkFwd - ok
13:12:09.0015 3200 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
13:12:09.0015 3200 ohci1394 - ok
13:12:09.0031 3200 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
13:12:09.0031 3200 Parport - ok
13:12:09.0031 3200 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
13:12:09.0031 3200 PartMgr - ok
13:12:09.0062 3200 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
13:12:09.0062 3200 ParVdm - ok
13:12:09.0062 3200 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
13:12:09.0062 3200 PCI - ok
13:12:09.0078 3200 PCIDump - ok
13:12:09.0078 3200 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
13:12:09.0078 3200 PCIIde - ok
13:12:09.0093 3200 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
13:12:09.0093 3200 Pcmcia - ok
13:12:09.0109 3200 PDCOMP - ok
13:12:09.0109 3200 PDFRAME - ok
13:12:09.0109 3200 PDRELI - ok
13:12:09.0125 3200 PDRFRAME - ok
13:12:09.0125 3200 perc2 - ok
13:12:09.0125 3200 perc2hib - ok
13:12:09.0156 3200 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
13:12:09.0171 3200 PlugPlay - ok
13:12:09.0171 3200 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
13:12:09.0171 3200 PolicyAgent - ok
13:12:09.0171 3200 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
13:12:09.0171 3200 PptpMiniport - ok
13:12:09.0187 3200 [ A32BEBAF723557681BFC6BD93E98BD26 ] Processor C:\WINDOWS\system32\DRIVERS\processr.sys
13:12:09.0187 3200 Processor - ok
13:12:09.0187 3200 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
13:12:09.0203 3200 ProtectedStorage - ok
13:12:09.0203 3200 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
13:12:09.0203 3200 PSched - ok
13:12:09.0203 3200 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
13:12:09.0203 3200 Ptilink - ok
13:12:09.0218 3200 ql1080 - ok
13:12:09.0218 3200 Ql10wnt - ok
13:12:09.0218 3200 ql12160 - ok
13:12:09.0234 3200 ql1240 - ok
13:12:09.0234 3200 ql1280 - ok
13:12:09.0234 3200 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
13:12:09.0250 3200 RasAcd - ok
13:12:09.0250 3200 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
13:12:09.0265 3200 RasAuto - ok
13:12:09.0265 3200 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
13:12:09.0265 3200 Rasl2tp - ok
13:12:09.0281 3200 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
13:12:09.0296 3200 RasMan - ok
13:12:09.0296 3200 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
13:12:09.0296 3200 RasPppoe - ok
13:12:09.0296 3200 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
13:12:09.0312 3200 Raspti - ok
13:12:09.0312 3200 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
13:12:09.0312 3200 Rdbss - ok
13:12:09.0312 3200 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
13:12:09.0328 3200 RDPCDD - ok
13:12:09.0359 3200 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
13:12:09.0359 3200 RDPWD - ok
13:12:09.0390 3200 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
13:12:09.0390 3200 RDSessMgr - ok
13:12:09.0421 3200 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
13:12:09.0421 3200 redbook - ok
13:12:09.0437 3200 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
13:12:09.0453 3200 RemoteAccess - ok
13:12:09.0468 3200 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
13:12:09.0468 3200 RpcLocator - ok
13:12:09.0500 3200 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
13:12:09.0500 3200 RpcSs - ok
13:12:09.0515 3200 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
13:12:09.0515 3200 RSVP - ok
13:12:09.0609 3200 [ 3CF6631543C743C29A369287EA67FFE6 ] RTHDMIAzAudService C:\WINDOWS\system32\drivers\RtKHDMI.sys
13:12:09.0625 3200 RTHDMIAzAudService - ok
13:12:09.0640 3200 [ 79B4FE884C18DD82D5449F6B6026D092 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
13:12:09.0656 3200 RTLE8023xp - ok
13:12:09.0656 3200 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
13:12:09.0656 3200 SamSs - ok
13:12:09.0671 3200 [ E5118CD3FEEDE70318A78D7D7A613DA9 ] SandBox C:\WINDOWS\system32\drivers\SandBox.sys
13:12:09.0671 3200 SandBox - ok
13:12:09.0718 3200 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
13:12:09.0718 3200 SCardSvr - ok
13:12:09.0750 3200 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
13:12:09.0750 3200 Schedule - ok
13:12:09.0765 3200 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
13:12:09.0765 3200 Secdrv - ok
13:12:09.0781 3200 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
13:12:09.0781 3200 seclogon - ok
13:12:09.0796 3200 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
13:12:09.0796 3200 SENS - ok
13:12:09.0796 3200 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
13:12:09.0796 3200 serenum - ok
13:12:09.0812 3200 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
13:12:09.0812 3200 Serial - ok
13:12:09.0843 3200 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
13:12:09.0843 3200 Sfloppy - ok
13:12:09.0859 3200 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
13:12:09.0859 3200 SharedAccess - ok
13:12:09.0875 3200 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
13:12:09.0875 3200 ShellHWDetection - ok
13:12:09.0890 3200 Simbad - ok
13:12:09.0890 3200 Sparrow - ok
13:12:09.0906 3200 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
13:12:09.0906 3200 splitter - ok
13:12:09.0937 3200 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
13:12:09.0937 3200 Spooler - ok
13:12:09.0968 3200 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
13:12:09.0968 3200 sr - ok
13:12:09.0968 3200 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
13:12:09.0984 3200 srservice - ok
13:12:10.0000 3200 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
13:12:10.0000 3200 Srv - ok
13:12:10.0015 3200 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
13:12:10.0015 3200 SSDPSRV - ok
13:12:10.0031 3200 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
13:12:10.0046 3200 stisvc - ok
13:12:10.0046 3200 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
13:12:10.0062 3200 swenum - ok
13:12:10.0062 3200 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
13:12:10.0062 3200 swmidi - ok
13:12:10.0062 3200 SwPrv - ok
13:12:10.0078 3200 symc810 - ok
13:12:10.0078 3200 symc8xx - ok
13:12:10.0093 3200 sym_hi - ok
13:12:10.0093 3200 sym_u3 - ok
13:12:10.0093 3200 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
13:12:10.0109 3200 sysaudio - ok
13:12:10.0125 3200 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
13:12:10.0125 3200 SysmonLog - ok
13:12:10.0140 3200 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
13:12:10.0156 3200 TapiSrv - ok
13:12:10.0171 3200 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
13:12:10.0171 3200 Tcpip - ok
13:12:10.0203 3200 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
13:12:10.0203 3200 TDPIPE - ok
13:12:10.0218 3200 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
13:12:10.0218 3200 TDTCP - ok
13:12:10.0234 3200 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
13:12:10.0234 3200 TermDD - ok
13:12:10.0265 3200 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
13:12:10.0281 3200 TermService - ok
13:12:10.0281 3200 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
13:12:10.0281 3200 Themes - ok
13:12:10.0296 3200 TosIde - ok
13:12:10.0312 3200 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
13:12:10.0312 3200 TrkWks - ok
13:12:10.0328 3200 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
13:12:10.0328 3200 Udfs - ok
13:12:10.0343 3200 ultra - ok
13:12:10.0359 3200 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
13:12:10.0359 3200 Update - ok
13:12:10.0375 3200 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
13:12:10.0390 3200 upnphost - ok
13:12:10.0390 3200 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
13:12:10.0406 3200 UPS - ok
13:12:10.0421 3200 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
13:12:10.0421 3200 usbccgp - ok
13:12:10.0437 3200 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
13:12:10.0437 3200 usbehci - ok
13:12:10.0453 3200 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
13:12:10.0453 3200 usbhub - ok
13:12:10.0468 3200 [ 0DAECCE65366EA32B162F85F07C6753B ] usbohci C:\WINDOWS\system32\DRIVERS\usbohci.sys
13:12:10.0468 3200 usbohci - ok
13:12:10.0484 3200 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
13:12:10.0484 3200 USBSTOR - ok
13:12:10.0500 3200 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
13:12:10.0500 3200 VgaSave - ok
13:12:10.0500 3200 ViaIde - ok
13:12:10.0515 3200 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
13:12:10.0531 3200 VolSnap - ok
13:12:10.0531 3200 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
13:12:10.0546 3200 VSS - ok
13:12:10.0562 3200 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
13:12:10.0562 3200 W32Time - ok
13:12:10.0578 3200 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
13:12:10.0578 3200 Wanarp - ok
13:12:10.0593 3200 WDICA - ok
13:12:10.0609 3200 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
13:12:10.0609 3200 wdmaud - ok
13:12:10.0625 3200 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
13:12:10.0625 3200 WebClient - ok
13:12:10.0671 3200 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
13:12:10.0671 3200 winmgmt - ok
13:12:10.0718 3200 [ 18F347402DA544A780949B8FDF83351B ] WinRM C:\WINDOWS\system32\WsmSvc.dll
13:12:10.0734 3200 WinRM - ok
13:12:10.0765 3200 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
13:12:10.0781 3200 WmdmPmSN - ok
13:12:10.0796 3200 [ C42584FD66CE9E17403AEBCA199F7BDB ] WmiAcpi C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
13:12:10.0796 3200 WmiAcpi - ok
13:12:10.0812 3200 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
13:12:10.0812 3200 WmiApSrv - ok
13:12:10.0875 3200 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
13:12:10.0875 3200 WMPNetworkSvc - ok
13:12:11.0015 3200 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:12:11.0015 3200 WPFFontCache_v0400 - ok
13:12:11.0046 3200 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
13:12:11.0046 3200 WS2IFSL - ok
13:12:11.0062 3200 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
13:12:11.0078 3200 wscsvc - ok
13:12:11.0078 3200 WSearch - ok
13:12:11.0093 3200 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
13:12:11.0109 3200 wuauserv - ok
13:12:11.0125 3200 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
13:12:11.0125 3200 WudfPf - ok
13:12:11.0140 3200 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
13:12:11.0140 3200 WudfRd - ok
13:12:11.0156 3200 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
13:12:11.0156 3200 WudfSvc - ok
13:12:11.0187 3200 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
13:12:11.0187 3200 WZCSVC - ok
13:12:11.0203 3200 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
13:12:11.0218 3200 xmlprov - ok
13:12:11.0218 3200 ================ Scan global ===============================
13:12:11.0234 3200 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
13:12:11.0265 3200 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:12:11.0281 3200 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
13:12:11.0296 3200 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
13:12:11.0296 3200 [Global] - ok
13:12:11.0296 3200 ================ Scan MBR ==================================
13:12:11.0312 3200 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
13:12:11.0593 3200 \Device\Harddisk0\DR0 - ok
13:12:11.0593 3200 ================ Scan VBR ==================================
13:12:11.0593 3200 [ 33C082E40DC15856C0536CD94A4AE7FD ] \Device\Harddisk0\DR0\Partition1
13:12:11.0593 3200 \Device\Harddisk0\DR0\Partition1 - ok
13:12:11.0609 3200 [ 74496B1E5AD5A624A7DD5673AFCCE510 ] \Device\Harddisk0\DR0\Partition2
13:12:11.0609 3200 \Device\Harddisk0\DR0\Partition2 - ok
13:12:11.0625 3200 [ CE29CEE975AB8C06010C96D9C0442A73 ] \Device\Harddisk0\DR0\Partition3
13:12:11.0625 3200 \Device\Harddisk0\DR0\Partition3 - ok
13:12:11.0640 3200 [ 38A3AFAEDCD5529A6CDDA0229978AF82 ] \Device\Harddisk0\DR0\Partition4
13:12:11.0640 3200 \Device\Harddisk0\DR0\Partition4 - ok
13:12:11.0640 3200 ============================================================
13:12:11.0640 3200 Scan finished
13:12:11.0640 3200 ============================================================
13:12:11.0656 4008 Detected object count: 0
13:12:11.0656 4008 Actual detected object count: 0



TLDSSKiller ran in both cases without interruption with the default file name and extension.

#14 oneof4

oneof4

  • Malware Response Team
  • 3,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Collective
  • Local time:04:39 AM

Posted 07 November 2012 - 02:34 PM

How is the computer behaving now?

Best Regards,
oneof4.


#15 Icanhazrootkit

Icanhazrootkit
  • Topic Starter

  • Members
  • 51 posts
  • OFFLINE
  •  
  • Local time:04:39 AM

Posted 07 November 2012 - 05:09 PM

Well... Grace certainly acts better.

I installed Secunia PSI to begin polishing things up a bit, but Comodo has finished a recent scan and has found the following...
"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load Rootkit.HiddenValue@0"

Removal failed.

So I suspect there is a little more that needs beating on before this is dead.

EDIT: Edit: Scratching head
Sigh... I can't tell what the heck this is. Whether this is an actual or a false positive thrown by Comodo.

I think I know what's going on here.
I think this is pointing to a temp folder. C:\Documents and Settings\Grace\Local Settings\temp


Okay... after a long night of reading and following my nose this is the theory I have come up with...
I installed Secunia as I said to polish this system up a bit and it recommended updating a set of MS redistributables which turned out to be just one file. That worked fine.
Another MS file blastcln.exe appear to be a legacy blaster worm removal tool which installed by updating MS MRT. It is an old tool but there is no update file for it. Running the Secunia manual update opens MSIE to the MS Updates page for the MRT. Reinstalling the MRT does not make Secunia any happier. This appears to be a known issue on the Secunia forum... recommendation: ignore this file in Secunia.

In spite of Secunia being happy with the version of Agnitum Outpost running, a new version was available so I downloaded that too. When one installs an update for Outpost, the update detects a pre-existing installation and attempts to transition between the existing to the updated files... Comodo "protected" Outpost to prevent this happening.

On uninstalling Comodo, Outpost updated without a hitch, BUT while Comodo was still installed I believe that the alert it displayed "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load Rootkit.HiddenValue@0"
Was pointing to C:\Documents and Settings\Grace\Local Settings\temp... the contents of which was temp files used by the Outpost installer to transition the files... If install fails, what the installer does is to revert everything to the old installation, from this temp folder.

So, I think that what Comodo was seeing was Outpost installer hiding the installer executable during that process.
It is a rootkit, just not an evil one.

I've updated OpenOffice and reinstalled Avast in preparation for trying to get to remove cleanly and discovered that it is no longer completely shut down. Oddly it still says that the trial period is over but it's completely functional so far as I can tell...

I'm going to run a couple more scans with it, and then I may just leave it installed for a while until I can either figure out how to make Comodo AV play nice with Outpost, or until I can squeeze Agnitum AV into the budget... I can at minimum be sure it will play well, and it is one of the top AVs, though a little on the spendy side.


With all of that said I'm completely prepared for my little theory to be dead wrong (which is why I'm running the extra scans in Avast. When the scans are done I'll set a new restore point.

One last little detail... While the USB mouse works, the PS2 mouse still does not. At this point I'm not sure whether I should be concerned about that or not.


Any suggestions before we trade our sanity for the contents of the box on the floor (system two)?

Edited by Icanhazrootkit, 08 November 2012 - 10:45 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users