Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

My Computer is a mess heres the HJTlogs

Re: My Computer is a mess heres the HJTlogs

Post by tdc2719 » August 3rd, 2009, 7:55 pm

.text C:\WINDOWS\system32\wuauclt.exe[1356] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1396] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1528] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetConnectA 3D944992 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1636] WININET.dll!InternetConnectW 3D945B8E 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1684] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Post by tdc2719 » August 3rd, 2009, 7:56 pm

.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text c:\Program Files\Common Files\LightScribe\LSSrvc.exe[1716] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1768] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\HPZipm12.exe[1796] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Post by tdc2719 » August 3rd, 2009, 7:57 pm

.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgemc.exe[1988] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgrsx.exe[2012] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgnsx.exe[2024] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] WININET.dll!InternetConnectA 3D944992 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[2396] WININET.dll!InternetConnectW 3D945B8E 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll

Post by tdc2719 » August 3rd, 2009, 7:58 pm

.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 008A1950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 008A7210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 008A18D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 008A1890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 008A19B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 008A1910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 008A1A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 008A1970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 008A18F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 008A1930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 008A19D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 008A1990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 008A18B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 008A2240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 008A1A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 008A31B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 008A7140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 008A19F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 008A1B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 008A1D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 008A1AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 008A1AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 008A1D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 008A1A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 008A1A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 008A1A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 008A1D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 008A1CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 008A1D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 008A1B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 008A1C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 008A1C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 008A1B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [08, 84]
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 008A1BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 008A1B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 008A1B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 008A1CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 008A1CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 008A1C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 008A1BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 008A1C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 008A1C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 008A1BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 008A1D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 008A1AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 008A1480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 008A1640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 008A1000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 008A1250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 008A2E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 008A2840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 008A29D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 008A6E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] USER32.dll!mouse_event 77D96321 5 Bytes JMP 008A2CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] USER32.dll!keybd_event 77D96365 5 Bytes JMP 008A2B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 008A6B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2684] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 008A6C90 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe[2888] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgtray.exe[2952] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 003B1950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003B7210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 003B18D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 003B1890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 003B19B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 003B1910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 003B1A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 003B1970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 003B18F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 003B1930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 003B19D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 003B1990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 003B18B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 003B2240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 003B1A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 003B31B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 003B7140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 003B19F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 003B1B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 003B1D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 003B1AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 003B1AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 003B1D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 003B1A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 003B1A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 003B1A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 003B1D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 003B1CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 003B1D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 003B1B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 003B1C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 003B1C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 003B1B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B9, 83]
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 003B1BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 003B1B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 003B1B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 003B1CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 003B1CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 003B1C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 003B1BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 003B1C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 003B1C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 003B1BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 003B1D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 003B1AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 003B1480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 003B1640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 003B1000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 003B1250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 003B2E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 003B2840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 003B29D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 003B6E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] USER32.dll!mouse_event 77D96321 5 Bytes JMP 003B2CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] USER32.dll!keybd_event 77D96365 5 Bytes JMP 003B2B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 003B1E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 003B1DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 003B1DB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 003B1DD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 003B6B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 003B6C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 003B1E90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe[2992] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 003B1E70 C:\WINDOWS\system32\guard32.dll
tdc2719

Re: My Computer is a mess heres the HJTlogs

Post by tdc2719 » August 3rd, 2009, 7:59 pm

.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Common\YMailAdvisor.exe[3020] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[3040] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] WININET.dll!InternetConnectA 3D944992 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] WININET.dll!InternetConnectW 3D945B8E 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\HP\KBD\KBD.EXE[3204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Post by tdc2719 » August 3rd, 2009, 8:00 pm

.text C:\WINDOWS\ALCXMNTR.EXE[3712] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ALCXMNTR.EXE[3712] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] shell32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] shell32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] shell32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\Temporary Directory 2 for gmer.zip\gmer.exe[3860] shell32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\AGRSMMSG.exe[4068] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F8389950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F8389990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F8389710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F8389770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [6113A3BF] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe[3048] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll

---- EOF - GMER 1.0.15 ----
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 8:02 pm

GMER 1.0.15.15011 - http://www.gmer.net
Autostart scan 2009-08-03 19:17:10
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\WOW@cmdline = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
avgrsstarter@DLLName = avgrsstx.dll
igfxcui@DLLName = igfxsrvc.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
avg8emc@ = C:\PROGRA~1\AVG\AVG8\avgemc.exe
avg8wd@ = C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
cmdAgent@ = "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
LightScribeService@ = "c:\Program Files\Common Files\LightScribe\LSSrvc.exe"
MDM@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
Pml Driver HPZ12@ = C:\WINDOWS\system32\HPZipm12.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HotKeysCmdsC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@HPBootOp"C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run = "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
@LSBWatcherc:\hp\drivers\hplsbwatcher\lsburnwatcher.exe = c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
@COMODO Internet Security"C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h = "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
@AVG8_TRAYC:\PROGRA~1\AVG\AVG8\avgtray.exe = C:\PROGRA~1\AVG\AVG8\avgtray.exe
@WinPatrolC:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/ = C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot /*file not found*/
@YMailAdvisor"C:\Program Files\Yahoo!\Common\YMailAdvisor.exe" = "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Messenger (Yahoo!)"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet = "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/(null) =
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{7F67036B-66F1-411A-AD85-759FB9C5B0DB} /*SampleView*/C:\WINDOWS\system32\ShellvRTF.dll = C:\WINDOWS\system32\ShellvRTF.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} /*AVG8 Shell Extension*/C:\Program Files\AVG\AVG8\avgse.dll = C:\Program Files\AVG\AVG8\avgse.dll
@{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} /*AVG8 Find Extension*/(null) =
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{5464D816-CF16-4784-B9F3-75C0DB52B499} /*Yahoo! Mail*/C:\Program Files\Yahoo!\Common\YMMAPI.dll = C:\Program Files\Yahoo!\Common\YMMAPI.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
Yahoo! Mail@{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\YMMAPI.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
AVG8 Shell Extension@{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\AVG\AVG8\avgse.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll = C:\Program Files\AVG\AVG8\avgssie.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll = C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\scrnsave.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU\Software\Microsoft\Internet Explorer\Main@Start Page = http://www.yahoo.com/

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
linkscanner@CLSID = C:\Program Files\AVG\AVG8\avgpp.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll

HKLM\Software\Classes\PROTOCOLS\Handler\wia@CLSID = C:\WINDOWS\system32\wiascr.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup = HP Digital Imaging Monitor.lnk

---- EOF - GMER 1.0.15 ----
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 5th, 2009, 7:25 am

Hi tdc2719

Registry Cleaners

Re. Eusing Free Registry Cleaner

I don't personally recommend the use of ANY registry cleaners. Here is an excerpt from a discussion on regcleaners
Most reg cleaners aren't bad as such, but they aren't perfect and even the best have been known to cause problems. The point we are trying to make is that the risk of using one far outweighs any benefit. If it does work perfectly you will not see any difference. If it doesn't work properly you may end up with an expensive doorstop.


This post by Bill Castner is very informative: WhatTheTech Forum



Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Next.

Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: There is a tutorial Here if you need one.

In your next reply.

1. Kaspersky log.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 8th, 2009, 12:30 am

Every time I try to scan with Kaspersky this is the error message I get. I don't understand why because I am online but anyways here is what pops up in a window every time I try to scan. Any suggestions?



Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.

You must be online to update the Kaspersky Online Scanner 7.0 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7.0. [ERROR: Key is expired]
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 8th, 2009, 10:14 am

Hi tdc2719.

Let's try another scanner.

  1. Please go to Bitdefender website to perform an online scan.
  2. Click on I Agree.
  3. You will be prompted to install an ActiveX. Please allow it and install it.
  4. Under Select what you want to check for viruses, click on the Click here link.
    • Check (tick) the Desktop box.
    • Click on + sign next to My Computer. Uncheck (untick) your CD or DVD drive box(es).
    • Uncheck the Network box.
    • Click OK.
  5. Under Settings, click on the Click here link.
    • Under Action options, select Report only option.
    • Click on the + sign next to Second Action.
    • Select Report only option.
    • Click OK.
  6. Click on Click here to scan link.
  7. It will start loading the antivirus scan engine and virus definitions and start the scan. This will take a while. Please be patient.
  8. Click on Click here to export the scan report.
  9. Click on Desktop on your left.
  10. In the File Name box, copy and paste in Report.txt
  11. In the Save As Type box, select Text (Tab Delimited) (*.txt) file.
  12. Click Save.
Please post the results of the scan in your next reply.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 9th, 2009, 9:24 pm

Somewhere along the way I messed something up and didn't save the info from the scan like I was supposed to. I redid the scan but of course what was found is now gone. I can tell you what it was, but I don't have a report to give you other than the clean scan I just did which I will include here. The name of the virus was Trojan.Wimad.Gen.1. The second scan came up empty so unless you know of some other options that's all I have. I do apologize, it was late and it took forever to finish scanning and I suppose I was in too big a rush and just didn't save the report like I was supposed to. I can tell you on the first scan there were 26 viruses found and 2 were the Trojan.Wimad.Gen.1 but like I said this is the second scan and nothing showed.

BitDefender Online Scanner - Scan Report

Scan report generated at: Sun, Aug 09, 2009 - 16:00:28

Scan path: C:..Documents and Settings..HP_Owner..My Documents;C:..Documents and Settings..All Users..Documents;C:..;D:..;F:..;G:..;H:..;I:..;

Statistics
Time: 04:59:44
Files: 462724
Folders: 11711
Boot Sectors: 0
Archives: 15540
Packed Files: 17454

Results
Identified Viruses: 0
Infected Files: 0
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 0

Engines Info
Virus Definitions: 3835362
Engine build: AVCORE v1.7 (build 8314.19) (i386) (Sep 29 2008 17:19:14)
Scan plugins: 17
Archive plugins: 45
Unpack plugins: 7
E-mail plugins: 6
System plugins: 4

Scan Settings
First Action: Report
Second Action: None
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status
No virus found.
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 11th, 2009, 8:05 am

Hi tdc2719.

The problems you are still experiencing are not coming from malware as all of your latest logs have come back clean.
When I am faced with this type of problem I go to these sites below. I have asked for help there myself and they have always been able to solve my problems.

Tech support guy


And

What the tech


So as I said above your logs are clean, I hope you can resolve your other problem with the links that I provided.

First we need to clean some things up.

Download OTC by Old Timer and save it to your Desktop.

  • Double-click OTC.exe
  • Click the CleanUp! button
  • Select Yes when the Begin cleanup Process? Prompt appears
  • If you are prompted to Reboot during the cleanup, select Yes
  • The tool will delete itself once it finishes, if not delete it by yourself

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Now we need to deal with security vulnerabilities

Add/Remove programs

Click on Start > Run > type in: appwiz.cpl and press Enter. Uninstall the following:

Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1


Next

Your version of Java is outdated

Install the latest version Here

Your version of Adobe Reader is outdated

Update to the latest version Here

Create a new, clean System Restore point

Click on Start > All Programs > Accessories > System Tools > System Restore.
On the Welcome Page, select Create a restore point. Click Next.
Give this restore point a descriptive name and click Create.
When done, click Close.

Warning: Do not clear infected System Restore points before creating a new System Restore point first!

Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


Flush infected System Restore points

1. Right click on My Computer and select Properties.
2. Select the System Restore tab.
3. Check (tick) Turn off system restore on all drives box.
4. Click Apply.
5. Uncheck (untick) Turn off system restore on all drives box.
6. Click OK.
7. Restart your computer.
Note: Do this only ONCE, don't flush it regularly.

Here are some free programs I recommend that could help you improve your computer's security.

Install SpyWare Blaster 4.0
SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing on your computer.
If you don't know what ActiveX controls are, see Here
Download SpyWare Blaster from Here
Find the tutorial on how to use Spyware Blaster Here

Install Superantispyware
Superantispyware will detect and Remove Spyware, Adware and Remove Malware, Trojans, Dialers, Worms, KeyLoggers, HiJackers, Parasites, Rootkits, Rogue Security Products and many other types of threats.
You can find information and download it from Here

Install MVPS Hosts File From Here

The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial Here

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that Here

Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 and newer versions should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information Here On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
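
An added example (not part of the post above and not MVPS code) of the HOSTS-file mechanism it describes: this Python sketch parses HOSTS-format text and separates names sunk to the local machine (127.0.0.1 or 0.0.0.0) from names pointed at an outside address, which is the pattern to review after an infection. The sample file, its hostnames and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS-file syntax; hostnames are placeholders and
# 203.0.113.7 is a documentation-only address.
SAMPLE_HOSTS = """\
# blocklist-style HOSTS file (constructed sample)
127.0.0.1   localhost
127.0.0.1   ads.example.com      # blocked ad server
0.0.0.0     tracker.example.net
203.0.113.7 update.example.org   # name pointed at an outside address
127.0.0.1   Ads.Example.com      # same name again, different case
not-an-ip   broken.example.com
"""


def parse_hosts(text):
    """Return (entries, bad_lines).

    entries   -- list of (line_number, ip_address, lowercase_hostname)
    bad_lines -- line numbers that are not valid "address name..." entries
    """
    entries, bad_lines = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            bad_lines.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            bad_lines.append(lineno)
            continue
        for name in fields[1:]:               # one address may list several names
            entries.append((lineno, ip, name.lower()))
    return entries, bad_lines


def audit(text):
    """Classify every hostname in a HOSTS file.

    blocked    -- names sent to loopback or 0.0.0.0, so connections go nowhere
    redirected -- names sent to any other address (review these by hand)
    duplicates -- (line_number, name) for names that were already listed
    errors     -- line numbers that could not be parsed
    """
    entries, bad_lines = parse_hosts(text)
    report = {"blocked": [], "redirected": [], "duplicates": [],
              "errors": bad_lines}
    seen = set()
    for lineno, ip, name in entries:
        if name in seen:
            report["duplicates"].append((lineno, name))
            continue
        seen.add(name)
        if name == "localhost" and ip.is_loopback:
            continue                          # the normal default entry
        if ip.is_loopback or ip.is_unspecified:
            report["blocked"].append(name)
        else:
            report["redirected"].append((name, str(ip)))
    return report


if __name__ == "__main__":
    result = audit(SAMPLE_HOSTS)
    for category, items in result.items():
        print(category, items)
```

On Windows XP the file to audit is %SystemRoot%\system32\drivers\etc\hosts; read it and pass its text to audit() in place of the sample.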

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 11th, 2009, 10:26 pm

TY I appreciate it so very much!!

Kind Regards,

Tracy
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 12th, 2009, 6:01 am

Hi Tracy
You are welcome :)
Good luck solving your other problems, I will have this thread closed.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby Carolyn » August 12th, 2009, 7:31 am

As any remaining issues do not involve malware and therefore fall outside the scope of this forum, this topic is now closed.

If these non-malware issues remain and you feel you require further help, we suggest that you seek help at a general troubleshooting forum.

You can help support this site from this link :
Donations For Malware Removal
Carolyn
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine