Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

My Computer is a mess heres the HJTlogs

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » July 23rd, 2009, 10:15 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:14:56 PM, on 7/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7069 bytes
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm
Advertisement
Register to Remove

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » July 27th, 2009, 11:48 am

Hi, Welcome to the Malware Removal forum.
My name is Cypher, and I'll be helping you with your malware problems.
Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!.
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please, if you have questions about something...ASK, don't guess or assume.
  3. Please -only- post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  4. Please -only- reply to this thread, do not start another!
  5. Please do not run any other fix/removal tools unless instructed to do so!
  6. Print each set of instructions...if possible...your Internet connection might not be available during some fix processes.
  7. Please, continue responding, until I give you the "All Clean"

If you follow these guidelines, things should proceed smoothly. :)
I am currently reviewing your log and will return, as soon as possible, with your instructions.


Please post an Uninstall list.

  1. Open HijackThis.
  2. Click on the Open the Misc Tools section button.
  3. Look under System tools.
  4. Click on the Open Uninstall Manager... button.
  5. Click on the Save list... button.
  6. It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  7. Notepad will open. Please post this log in your next reply.

In your next reply.

1. Uninstall list.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » July 27th, 2009, 3:51 pm

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AVG Free 8.5
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Critical Update for Windows Media Player 11 (KB959772)
Eusing Free Registry Cleaner
Google Toolbar for Internet Explorer
Help and Support Additions
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Boot Optimizer
HP Deskjet Printer Preload
HP Image Zone 4.8.6
HP Image Zone Plus 4.8.6
HP Organize
HP Photosmart Cameras 4.5
HP PSC & OfficeJet 4.7
HP Software Update
HPIZplus450
Intel(R) Extreme Graphics Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
J2SE Runtime Environment 5.0
KBD
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Mozilla Firefox (3.5.1)
MSXML 4.0 SP2 (KB954430)
Photosmart 320,370,7400,8100,8400 Series
PS2
QuickTime
Remove Microsoft Money 2005 installer
Remove Quicken New User Edition installer
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB973346)
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spybot - Search & Destroy
Update for Windows XP (KB898461)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Updates from HP
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinPatrol 2009
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Mail Advisor
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » July 29th, 2009, 7:45 am

HI tdc2719.
I will get back to you as soon as possible.
All my replies to you are checked by an expert first.
This can lead to a slight delay.
Thank you for your patience.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » July 29th, 2009, 10:35 am

no problem as long as my computer gets fixed you just take your time. I really do appreciate all your help on this. I donate to this site anytime I have a chance because I know you guyus work your behinds off to help those of us who don't have a clue!

Thanks Again!
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » July 31st, 2009, 10:57 am

Hi tdc2719.

Again my apologizes for the delay, the forum staff are really busy.
Thank you for your continued patience.
Lets get started :)

You have COMODO Internet Security installed, can you confirm that it is the firewall component only please.
Also can you give me an outline of the problems you are having?

I see you have Malwarebytes' Anti-Malware installed.
I would like you to launch it then update it.
If an update is found, it will download and install the latest version.
Next select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Checked (tick) all items except items in the C:\System Volume Information folder, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Post that log back here.

Next

RSIT

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<< will be maximized) and info.txt (<< will be minimized)

Next

GMER
Please download GMER by GMER. An alternate download site.
  1. Unzip it to a folder on your desktop.
  2. Double click on gmer.exe to execute.
    If asked, allow the gmer.sys driver load.
  3. If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
  4. If you don't get a warning then...
    • Click the Rootkit/Malware tab at the top of the GMER window.
    • Click the Scan button.
  5. Once the scan has finished... click Copy. ... Do not close the GMER window yet...
  6. Open Notepad and paste what you copied. Ctrl+V
  7. Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

    In the GMER window...
  8. Click on the >>> tab at the top of the GMER window.
    This displays the rest of the "selection" tabs for you.
  9. Click on the Autostart tab.
  10. Click on Scan button.
  11. Once the scan has finished... click Copy.
  12. Open Notepad (again) and paste what you copied. Ctrl+V
  13. Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
  14. Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in you next reply.

In your next reply.

1. Malwarebytes' Anti-Malware log.
2. RSIT log.txt file contents and info.txt file contents.
3 gmerauto.txt log.
4. Tell me the problems you are having, and confirm that it is the firewall component.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 3rd, 2009, 10:19 am

Hi tdc2719.

It has been three days since my last post.

  • Do you still need help?
  • Do you need more time?
  • Are you having problems following my instructions?
  • According to Malware Removal's latest policy, topics can be closed after 3 days without a response. If I do not get any within the next 24 hours, this topic will be closed.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 1:11 pm

I am working on this today IO apologize my connection was down had to get a new modem but am doing the steps today thanks. I will go ahead and post what I have here all I lack doing is the gmer. Thanks so much for your patience.

Malwarebytes' Anti-Malware 1.39
Database version: 2443
Windows 5.1.2600 Service Pack 2

8/1/2009 10:56:27 AM
mbam-log-2009-08-01 (10-56-27).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 280492
Time elapsed: 3 hour(s), 42 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2009-08-01 10:59:04
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 118 GB (81%) free of 145 GB
Total RAM: 503 MB (22% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:58 AM, on 8/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\hphmon06.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7266 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-03-20 1851128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-06-01 341312]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-16 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2009-08-01 00:41:57 ----D---- C:\WINDOWS\LastGood
2009-07-31 05:06:14 ----D---- C:\temp
2009-07-25 00:34:12 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SecondLife
2009-07-24 23:31:16 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2009-07-24 20:23:54 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-07-24 20:05:13 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Reg Tool
2009-07-20 11:59:36 ----D---- C:\Avenger
2009-07-20 11:59:36 ----A---- C:\avenger.txt
2009-07-20 03:17:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-18 14:02:40 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-18 13:44:46 ----A---- C:\rapport.txt
2009-07-18 13:43:46 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-18 13:43:45 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-07-18 13:43:44 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-07-18 13:43:43 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-07-18 13:43:42 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-07-18 13:43:41 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-07-18 13:43:40 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-18 13:43:39 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-18 13:43:38 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-07-18 13:43:37 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-07-18 13:43:37 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-07-18 13:43:36 ----A---- C:\WINDOWS\system32\swsc.exe
2009-07-18 13:43:34 ----A---- C:\WINDOWS\system32\swreg.exe
2009-07-18 13:43:32 ----A---- C:\WINDOWS\system32\Process.exe
2009-07-17 05:03:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-17 04:57:27 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-07-17 03:02:27 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-16 20:05:25 ----ASH---- C:\Documents and Settings\HP_Owner\Application Data\desktop.ini
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Identities
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2009-07-16 20:05:18 ----SD---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Real
2009-07-16 19:34:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-16 19:27:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-16 19:23:20 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 18:54:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-16 18:46:55 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-16 18:13:32 ----D---- C:\WINDOWS\system32\en-US
2009-07-16 18:11:37 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-16 18:10:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-07-16 17:50:04 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-16 17:50:03 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-07-16 17:50:01 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-07-16 17:49:55 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-07-16 17:44:12 ----A---- C:\WINDOWS\system32\guard32.dll
2009-07-16 17:08:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-07-16 17:07:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-16 07:03:04 ----D---- C:\Program Files\Conduit
2009-07-16 07:00:15 ----D---- C:\Program Files\P2P_Energy
2009-07-16 06:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\MP3Torpedo
2009-07-16 04:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 04:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 04:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-12 00:01:33 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-07-08 04:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-07 20:37:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-07 20:30:28 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-07 20:25:08 ----D---- C:\Program Files\Microsoft

======List of files/folders modified in the last 1 months======

2009-08-01 10:59:13 ----D---- C:\WINDOWS\Prefetch
2009-08-01 10:56:49 ----D---- C:\Program Files\Mozilla Firefox
2009-08-01 10:39:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-01 08:08:12 ----D---- C:\WINDOWS\temp
2009-08-01 02:00:33 ----HD---- C:\$AVG8.VAULT$
2009-08-01 00:42:12 ----HD---- C:\WINDOWS\inf
2009-08-01 00:41:57 ----D---- C:\WINDOWS
2009-08-01 00:41:55 ----D---- C:\Program Files\MSN
2009-07-31 08:09:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-07-31 05:06:14 ----D---- C:\WINDOWS\CREATOR
2009-07-30 12:25:04 ----D---- C:\WINDOWS\Minidump
2009-07-30 05:44:49 ----D---- C:\WINDOWS\system32
2009-07-30 03:03:36 ----D---- C:\Program Files\Internet Explorer
2009-07-30 03:02:40 ----D---- C:\WINDOWS\ie7updates
2009-07-29 04:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-26 17:07:53 ----D---- C:\WINDOWS\system32\FxsTmp
2009-07-26 17:00:05 ----D---- C:\Documents and Settings\HP_Owner\Application Data\IMVU
2009-07-25 19:07:18 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-25 19:07:15 ----D---- C:\Program Files\NOS
2009-07-25 19:07:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-25 15:39:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\IMVUClient
2009-07-25 15:19:40 ----D---- C:\Program Files
2009-07-24 20:19:21 ----SHD---- C:\WINDOWS\Installer
2009-07-24 20:19:21 ----HD---- C:\Config.Msi
2009-07-24 20:19:20 ----SD---- C:\WINDOWS\Tasks
2009-07-20 11:59:36 ----D---- C:\WINDOWS\system32\drivers
2009-07-20 08:40:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-20 03:18:01 ----D---- C:\Program Files\Yahoo!
2009-07-20 03:18:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 14:02:42 ----D---- C:\Program Files\Google
2009-07-18 13:59:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-18 13:52:45 ----SHD---- C:\RECYCLER
2009-07-18 13:51:29 ----D---- C:\Documents and Settings
2009-07-17 20:12:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 20:07:52 ----D---- C:\WINDOWS\system32\wbem
2009-07-17 20:07:51 ----D---- C:\WINDOWS\AppPatch
2009-07-17 20:05:47 ----A---- C:\WINDOWS\imsins.BAK
2009-07-17 20:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 20:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 20:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 20:04:52 ----D---- C:\Program Files\Messenger
2009-07-17 20:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 20:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 20:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-17 20:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 20:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 20:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 20:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 20:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 20:01:08 ----D---- C:\WINDOWS\WinSxS
2009-07-17 20:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 20:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 20:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 19:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-17 19:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 19:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 19:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 19:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 19:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 19:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-07-17 19:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-17 19:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 19:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 19:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 19:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 19:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 19:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 19:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 19:52:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 19:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 19:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 19:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 19:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-17 19:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 05:47:04 ----D---- C:\WINDOWS\system32\CatRoot
2009-07-17 03:04:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-17 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-16 20:03:58 ----A---- C:\WINDOWS\setuplog.txt
2009-07-16 20:03:32 ----D---- C:\sysprep
2009-07-16 20:03:23 ----HD---- C:\hp
2009-07-16 20:02:10 ----RASH---- C:\boot.ini
2009-07-16 20:01:26 ----D---- C:\WINDOWS\Registration
2009-07-16 19:59:12 ----A---- C:\WINDOWS\system.ini
2009-07-16 19:50:57 ----D---- C:\WINDOWS\system
2009-07-16 19:50:46 ----D---- C:\WINDOWS\I386
2009-07-16 19:49:10 ----D---- C:\Program Files\Windows NT
2009-07-16 19:49:08 ----D---- C:\Program Files\Outlook Express
2009-07-16 19:49:08 ----D---- C:\Program Files\NetMeeting
2009-07-16 19:49:06 ----D---- C:\Program Files\Movie Maker
2009-07-16 19:49:00 ----D---- C:\Program Files\Common Files\Services
2009-07-16 19:48:52 ----D---- C:\WINDOWS\system32\usmt
2009-07-16 19:48:46 ----D---- C:\WINDOWS\system32\ras
2009-07-16 19:48:45 ----D---- C:\WINDOWS\system32\oobe
2009-07-16 19:48:39 ----D---- C:\WINDOWS\system32\npp
2009-07-16 19:48:30 ----D---- C:\WINDOWS\system32\icsxml
2009-07-16 19:48:29 ----D---- C:\WINDOWS\system32\ias
2009-07-16 19:47:09 ----D---- C:\WINDOWS\system32\Setup
2009-07-16 19:47:09 ----D---- C:\WINDOWS\system32\Restore
2009-07-16 19:47:07 ----D---- C:\WINDOWS\system32\Com
2009-07-16 19:47:06 ----D---- C:\WINDOWS\srchasst
2009-07-16 19:47:02 ----D---- C:\WINDOWS\msagent
2009-07-16 19:47:01 ----RD---- C:\WINDOWS\Web
2009-07-16 19:47:01 ----D---- C:\WINDOWS\ime
2009-07-16 19:47:01 ----D---- C:\WINDOWS\addins
2009-07-16 19:46:55 ----D---- C:\WINDOWS\PeerNet
2009-07-16 19:46:55 ----D---- C:\WINDOWS\Media
2009-07-16 19:46:41 ----D---- C:\WINDOWS\Cursors
2009-07-16 19:46:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-07-16 19:46:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2009-07-16 19:46:34 ----RHD---- C:\MSOCache
2009-07-16 19:46:03 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-16 19:46:02 ----RSD---- C:\WINDOWS\assembly
2009-07-16 19:31:28 ----D---- C:\Program Files\Windows Media Player
2009-07-16 19:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-07-16 19:27:26 ----A---- C:\WINDOWS\win.ini
2009-07-16 19:26:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-16 19:24:23 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-16 19:01:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-16 18:54:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-16 18:47:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-16 18:47:08 ----D---- C:\WINDOWS\Help
2009-07-16 18:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 18:27:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-16 18:27:29 ----D---- C:\Program Files\Symantec
2009-07-16 18:27:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-16 18:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-16 18:26:39 ----D---- C:\WINDOWS\security
2009-07-16 18:13:45 ----D---- C:\WINDOWS\system32\config
2009-07-16 18:13:15 ----HDC---- C:\WINDOWS\ie7
2009-07-16 18:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-07-16 17:46:37 ----D---- C:\Program Files\SpywareBlaster
2009-07-16 17:33:09 ----D---- C:\Program Files\Sonic
2009-07-16 17:32:59 ----D---- C:\Program Files\Common Files
2009-07-16 17:28:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-16 17:27:54 ----D---- C:\Program Files\Common Files\Real
2009-07-16 17:27:14 ----D---- C:\Python22
2009-07-16 17:26:09 ----D---- C:\Program Files\PC-Doctor for Windows
2009-07-16 17:17:55 ----D---- C:\WINDOWS\pchealth
2009-07-16 17:17:55 ----D---- C:\Program Files\Microsoft Office
2009-07-16 17:17:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-16 17:17:51 ----D---- C:\Program Files\Common Files\System
2009-07-16 17:17:50 ----RSD---- C:\WINDOWS\Fonts
2009-07-16 17:14:17 ----D---- C:\Program Files\iTunes
2009-07-16 17:13:01 ----D---- C:\Program Files\Easy Internet signup
2009-07-16 17:10:09 ----A---- C:\WINDOWS\system32\ssmute.ini
2009-07-16 17:07:35 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-07 20:36:11 ----D---- C:\Program Files\Windows Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-16 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-03-20 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-04-19 24336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-13 298776]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-03-20 700152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-03-17 38912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

-----------------EOF-----------------




info.txt logfile of random's system information tool 1.04 2009-06-29 16:32:08

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->MsiExec.exe /X{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Shockwave Player 11.5-->"C:\WINDOWS\system32\Adobe\Shockwave 11\uninstaller.exe"
Agere Systems PCI Soft Modem-->agrsmdel
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
COMODO Internet Security-->C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe -u
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Google Toolbar for Internet Explorer-->"C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarManager_9DE96A29E721D90A.exe" /uninstall
Google Toolbar for Internet Explorer-->MsiExec.exe /I{18455581-E099-4BA8-BC6B-F34B2F06600C}
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Photosmart Essential-->MsiExec.exe /X{6994491D-D491-48F1-AE1F-E179C1FFFC2F}
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
iTunes-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BE20E2F5-1903-4AAE-B1AF-2046E586C925}
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
Java(TM) 6 Update 11-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
PartyPokerNet-->"C:\Program Files\PartyGaming.Net\PartyPokerNet\Uninstall.exe" "C:\Program Files\PartyGaming.Net\PartyPokerNet\install.log"
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914389)-->"C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Sonic Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Updates from HP-->C:\WINDOWS\BWUnin-6.3.2.62.exe -AppId 309731
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll (file missing)
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner.THEBAMAS\Start Menu\Programs\IMVU\Run IMVU.lnk
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop

======Security center information======

AV: COMODO Antivirus
AV: AVG Anti-Virus Free
FW: COMODO Firewall

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------



as far as problems I am having a problem with a pop up that says my system is infected and tries to auto start a scan that I don't know what is. I have ran my malwarebytes scan, my lavasoft scan, my spybot search and destroy scan, my spyware blasters scan and they all show low to medium adware but nothing major but I have learned from past experience that just because a large threat doesn't show in a scan doesn't mean its not there. I don't know why I keep scanning adware every single scan if it's supposedly being cleaned by these programs. Thanks for all your help I will have the gmer scan in a few.

Kind Regards,

Tracy
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 3:48 pm

I cannot get the gmer scan to work correctly every time I try to run it the scan gets to a specific point and my whole computer shuts down. When it reboots I send and error report and this microsoft screen pops up.........

Blue screen error caused by a device or driver

You received this message because a hardware device, its driver, or related software has caused a blue screen error. This type of error means the computer has shut down abruptly to protect itself from potential data corruption or loss. In this case, we were unable to detect the specific device or driver that caused the problem.

Any ideas and or suggestions?
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby Cypher » August 3rd, 2009, 4:50 pm

Hi tdc2719

Would you please tell me if your version of COMODO Internet Security is the firewall component only?

Lets try this.

Double click on gmer.exe to execute.
If asked, allow the gmer.sys driver load.
If you get a warning prompt about rootkit activity ... asking if you want to run Scan, click OK.
If you don't get a warning then...
  • Click the Rootkit/Malware tab at the top of the GMER window.
    In the right Panel Uncheck Devices.
    Click the Scan button.
Once the scan has finished... click Copy. ... Do not close the GMER window yet...
Open Notepad and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerroot.txt"... then close Notepad.

In the GMER window...
Click on the >>> tab at the top of the GMER window.
This displays the rest of the "selection" tabs for you.
Click on the Autostart tab.
Click on Scan button.
Once the scan has finished... click Copy.
Open Notepad (again) and paste what you copied. Ctrl+V
Select "Save As" in Notepad...saving the file to your desktop as "gmerauto.txt"
Copy and paste the contents of the files gmerroot.txt and gmerauto.txt in you next reply.[/list]

Next.

Delete Files - Folders

We need to perform some manual clean up.
  1. Right click on the Start...button.
  2. Select Explore...from the menu.
  3. Navigate to and find the following files and/or folders: if found, delete them.
    Some may not be present after previous cleaning steps

    C:\RSIT\ info.txt

  4. If you were unable to find or delete any, Please let me know in your next reply.

Next

Please run RSIT again and post both logs.

In your next reply.

1. RSIT log.txt file contents and info.txt file contents.
2. gmerauto.txt log.
3. confirm that it is the firewall component.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 7:39 pm

As far as I know comodo is firewall only.



info.txt logfile of random's system information tool 1.04 2009-08-03 19:23:02

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat - Reader 6.0.2 Update-->MsiExec.exe /I{AC76BA86-0000-0000-0000-6028747ADE01}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 6.0.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Agere Systems PCI Soft Modem-->agrsmdel
AVG Free 8.5-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
Bounce Symphony from Hewlett-Packard Desktops (remove only)-->"C:\Program Files\WildTangent\Apps\GameChannel\Games\D11F7128-8CBD-408B-8BF8-034604DEDD42\Uninstall.exe"
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Eusing Free Registry Cleaner-->C:\PROGRA~1\EUSING~1\UNWISE.EXE C:\PROGRA~1\EUSING~1\INSTALL.LOG
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Help and Support Additions-->WScript.exe C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\eHelpSetup.jse eHelpUninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
HP Boot Optimizer-->MsiExec.exe /I{3BA95526-6AE0-4B87-A62D-17187EF565FC}
HP Deskjet Printer Preload-->MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Image Zone 4.8.6-->C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Plus 4.8.6-->C:\Program Files\HP\Digital Imaging\{32498B7B-E1F3-4ad5-A23B-F26414E94BE0}\setup\hpzscr01.exe -datfile hpdscr01.dat
HP Organize-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D0122362-6333-4DE4-93F6-A5A2F3CC101A}\Setup.exe" UNINSTALL
HP Photosmart Cameras 4.5-->C:\Program Files\HP\Digital Imaging\{ABA2B37F-AB88-486e-870A-52454A23FEE0}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP PSC & OfficeJet 4.7-->"C:\Program Files\HP\Digital Imaging\{342C7C88-D335-4bc2-8CF1-281857629CE2}\setup\hpzscr01.exe" -datfile hposcr05.dat
HP Software Update-->MsiExec.exe /X{64FC0C98-B035-4530-B15D-3D30610B6DF1}
HPIZplus450-->MsiExec.exe /X{0E484A60-A429-49A8-982C-D6475F1E80A9}
Imikimi Plugin-->"C:\Program Files\Imikimi\uninstall.exe"
Intel(R) Extreme Graphics Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2562
IntelliMover Data Transfer Demo-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{14589F05-C658-4594-9429-D437BA688686}\Setup.exe" -l0x9
InterVideo WinDVD Player-->"C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
KBD-->C:\HP\KBD\KBD.EXE uninstalled
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Plus! Dancer LE-->MsiExec.exe /X{1A103D70-5C9B-4E1A-B306-5106C68F9914}
Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}
Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}
Mozilla Firefox (3.5.1)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
Photosmart 320,370,7400,8100,8400 Series-->C:\Program Files\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\setup\hpzscr01.exe -datfile hphscr01.dat
PS2-->C:\WINDOWS\system32\ps2.exe uninstall
QuickTime-->C:\WINDOWS\unvise32qt.exe C:\WINDOWS\system32\QuickTime\Uninstall.log
Remove Microsoft Money 2005 installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Money\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Remove Quicken New User Edition installer-->c:\\hp\\bin\\cloaker.exe commands /ww /lw:c:\\hp\\bin\\ifc\\Quicken_NUE\\lg.ini /c c:\\hp\\bin\\cloaker.exe c:\\hp\\bin\\ifc\\uninst.cmd ar
Security Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Sonic RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins001.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB867282-->C:\WINDOWS\$NtUninstallKB867282$\spuninst\spuninst.exe
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB883667-->C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Windows XP Hotfix - KB885250-->C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB887742-->C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Windows XP Hotfix - KB888113-->C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Windows XP Hotfix - KB888239-->C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Windows XP Hotfix - KB890175-->C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinPatrol 2009-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Install Manager-->C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail-->C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Mail Advisor-->C:\PROGRA~1\Yahoo!\Common\UNINST~1.EXE
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! Software Update-->C:\PROGRA~1\Yahoo!\SOFTWA~1\UNINST~1.EXE
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

=====HijackThis Backups=====

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... seconduser
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [regcmdcons] c:\hp\bin\cloaker.exe c:\hp\bin\cmdcons.cmd
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RABCO - Auto Update.lnk = C:\Program Files\RABCO\RABCOse.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O3 - Toolbar: My.Freeze.com Toolbar - {D0523BB4-21E7-11DD-9AB7-415B56D89593} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\freeze_us.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
R3 - URLSearchHook: NetAssistantBHO Class - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - C:\Program Files\My.Freeze.com Toolbar with NetAssistant\NetAssistant.dll (file missing)
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\HP_Owner.THEBAMAS\Start Menu\Programs\IMVU\Run IMVU.lnk
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O18 - Filter hijack: text/html - {6903bbee-8b34-4de1-942e-d1fac2ed1b61} - C:\WINDOWS\system32\dsound3dd.dll
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O4 - HKLM\..\Run: [thirdintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak3.cmd
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\RunOnce: [isDeleteMe] "C:\WINDOWS\system32\cmd.exe" /c "C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\isDel.bat"
O4 - HKLM\..\RunOnce: [regcmdcons] c:\windows\regedit.exe /s c:\hp\bin\cmdcons2.reg
O4 - HKLM\..\Run: [secondintel] c:\hp\bin\cloaker.exe c:\hp\bin\intel_tweak\intel_tweak2.cmd
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

======Security center information======

AV: AVG Anti-Virus Free

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;c:\Python22
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 2 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=0209
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=c:\Program Files\Common Files\Sonic Shared\Sonic Central\

-----------------EOF-----------------



Logfile of random's system information tool 1.04 (written by random/random)
Run by HP_Owner at 2009-08-03 19:32:40
Microsoft Windows XP Home Edition Service Pack 2
System drive C: has 118 GB (81%) free of 145 GB
Total RAM: 503 MB (58% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:57 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\AGRSMMSG.exe
c:\windows\system\hpsysdrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\HP_Owner\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\HP_Owner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: HP view - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7241 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskUser.job
C:\WINDOWS\tasks\Symantec NetDetect.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll [2003-11-04 54248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-07-18 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2009-03-13 165616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - HP view - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll [2003-11-21 98304]

{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2009-03-13 908528]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2005-01-23 126976]
"HPBootOp"=C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe [2005-02-26 245760]
"LSBWatcher"=c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe [2004-10-14 253952]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2009-03-20 1851128]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-06-12 1948440]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2009-06-01 341312]
"YMailAdvisor"=C:\Program Files\Yahoo!\Common\YMailAdvisor.exe [2008-06-05 125208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2009-05-26 4351216]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-07-16 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxsrvc.dll [2005-01-23 348160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe"="C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Enabled:BackWeb for Pavilion"
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe"="C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\iTunes\iTunes.exe"="%ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes"

======List of files/folders created in the last 1 months======

2009-08-01 17:56:52 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-31 05:06:14 ----D---- C:\temp
2009-07-25 00:34:12 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SecondLife
2009-07-24 23:31:16 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Mozilla
2009-07-24 20:23:54 ----D---- C:\Program Files\Eusing Free Registry Cleaner
2009-07-24 20:05:13 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Reg Tool
2009-07-20 11:59:36 ----D---- C:\Avenger
2009-07-20 11:59:36 ----A---- C:\avenger.txt
2009-07-20 03:17:47 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-07-18 14:02:40 ----A---- C:\WINDOWS\system32\tmp.txt
2009-07-18 13:44:46 ----A---- C:\rapport.txt
2009-07-18 13:43:46 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-07-18 13:43:45 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-07-18 13:43:44 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-07-18 13:43:43 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-07-18 13:43:42 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-07-18 13:43:41 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-07-18 13:43:40 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-07-18 13:43:39 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-07-18 13:43:38 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-07-18 13:43:37 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-07-18 13:43:37 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-07-18 13:43:36 ----A---- C:\WINDOWS\system32\swsc.exe
2009-07-18 13:43:34 ----A---- C:\WINDOWS\system32\swreg.exe
2009-07-18 13:43:32 ----A---- C:\WINDOWS\system32\Process.exe
2009-07-17 05:03:59 ----D---- C:\WINDOWS\system32\CatRoot_bak
2009-07-17 04:57:27 ----A---- C:\WINDOWS\system32\xpsp3res.dll
2009-07-17 03:02:27 ----D---- C:\WINDOWS\system32\PreInstall
2009-07-16 20:05:25 ----ASH---- C:\Documents and Settings\HP_Owner\Application Data\desktop.ini
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\InterMute
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Identities
2009-07-16 20:05:19 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Apple Computer
2009-07-16 20:05:18 ----SD---- C:\Documents and Settings\HP_Owner\Application Data\Microsoft
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Symantec
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\SampleView
2009-07-16 20:05:18 ----D---- C:\Documents and Settings\HP_Owner\Application Data\Real
2009-07-16 19:34:49 ----RSHD---- C:\WINDOWS\system32\dllcache
2009-07-16 19:27:54 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-07-16 19:23:20 ----D---- C:\WINDOWS\system32\LogFiles
2009-07-16 18:54:34 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-07-16 18:46:55 ----D---- C:\WINDOWS\system32\SoftwareDistribution
2009-07-16 18:13:32 ----D---- C:\WINDOWS\system32\en-US
2009-07-16 18:11:37 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-07-16 18:10:27 ----N---- C:\WINDOWS\system32\xmllite.dll
2009-07-16 17:50:04 ----D---- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-16 17:50:03 ----D---- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
2009-07-16 17:50:01 ----D---- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2009-07-16 17:49:55 ----D---- C:\Program Files\SDHelper (Spybot - Search & Destroy)
2009-07-16 17:44:12 ----A---- C:\WINDOWS\system32\guard32.dll
2009-07-16 17:08:04 ----A---- C:\WINDOWS\system32\igfxres.dll
2009-07-16 17:07:33 ----A---- C:\WINDOWS\system32\wmpns.dll
2009-07-16 07:03:04 ----D---- C:\Program Files\Conduit
2009-07-16 07:00:15 ----D---- C:\Program Files\P2P_Energy
2009-07-16 06:58:50 ----D---- C:\Documents and Settings\All Users\Application Data\MP3Torpedo
2009-07-16 04:22:53 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-16 04:18:03 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-16 04:08:08 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-12 00:01:33 ----D---- C:\Documents and Settings\All Users\Application Data\HP Product Assistant
2009-07-08 04:03:33 ----HDC---- C:\WINDOWS\$NtUninstallKB961503$
2009-07-07 20:37:03 ----D---- C:\Program Files\Windows Live SkyDrive
2009-07-07 20:30:28 ----D---- C:\Program Files\Common Files\Windows Live
2009-07-07 20:25:08 ----D---- C:\Program Files\Microsoft

======List of files/folders modified in the last 1 months======

2009-08-03 19:23:02 ----D---- C:\rsit
2009-08-03 18:38:06 ----HD---- C:\$AVG8.VAULT$
2009-08-03 18:37:52 ----D---- C:\Program Files\Mozilla Firefox
2009-08-03 18:09:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-03 16:59:55 ----D---- C:\WINDOWS\Prefetch
2009-08-03 16:43:58 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-03 16:43:55 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-03 16:43:15 ----HD---- C:\WINDOWS\inf
2009-08-03 15:39:38 ----D---- C:\WINDOWS\temp
2009-08-03 15:21:14 ----D---- C:\WINDOWS\Minidump
2009-08-03 15:21:14 ----D---- C:\WINDOWS
2009-08-03 03:17:24 ----D---- C:\Program Files
2009-08-01 17:56:52 ----D---- C:\WINDOWS\system32
2009-08-01 12:51:52 ----D---- C:\WINDOWS\system32\FxsTmp
2009-08-01 00:41:55 ----D---- C:\Program Files\MSN
2009-07-31 05:06:14 ----D---- C:\WINDOWS\CREATOR
2009-07-30 03:03:36 ----D---- C:\Program Files\Internet Explorer
2009-07-30 03:02:40 ----D---- C:\WINDOWS\ie7updates
2009-07-29 04:20:32 ----HD---- C:\WINDOWS\$hf_mig$
2009-07-26 17:00:05 ----D---- C:\Documents and Settings\HP_Owner\Application Data\IMVU
2009-07-25 19:07:18 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-07-25 19:07:15 ----D---- C:\Program Files\NOS
2009-07-25 19:07:07 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-25 15:39:01 ----D---- C:\Documents and Settings\HP_Owner\Application Data\IMVUClient
2009-07-24 20:19:21 ----SHD---- C:\WINDOWS\Installer
2009-07-24 20:19:21 ----HD---- C:\Config.Msi
2009-07-24 20:19:20 ----SD---- C:\WINDOWS\Tasks
2009-07-20 11:59:36 ----D---- C:\WINDOWS\system32\drivers
2009-07-20 08:40:55 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-07-20 03:18:01 ----D---- C:\Program Files\Yahoo!
2009-07-20 03:18:01 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-18 14:02:42 ----D---- C:\Program Files\Google
2009-07-18 13:59:10 ----A---- C:\WINDOWS\ntbtlog.txt
2009-07-18 13:52:45 ----SHD---- C:\RECYCLER
2009-07-18 13:51:29 ----D---- C:\Documents and Settings
2009-07-17 20:12:36 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-07-17 20:07:52 ----D---- C:\WINDOWS\system32\wbem
2009-07-17 20:07:51 ----D---- C:\WINDOWS\AppPatch
2009-07-17 20:05:47 ----A---- C:\WINDOWS\imsins.BAK
2009-07-17 20:05:43 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$
2009-07-17 20:05:27 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$
2009-07-17 20:05:09 ----HDC---- C:\WINDOWS\$NtUninstallKB959426$
2009-07-17 20:04:52 ----D---- C:\Program Files\Messenger
2009-07-17 20:04:50 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$
2009-07-17 20:04:33 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
2009-07-17 20:04:18 ----HDC---- C:\WINDOWS\$NtUninstallKB923723$
2009-07-17 20:04:04 ----HDC---- C:\WINDOWS\$NtUninstallKB955839$
2009-07-17 20:03:29 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$
2009-07-17 20:02:54 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-07-17 20:02:08 ----HDC---- C:\WINDOWS\$NtUninstallKB956572$
2009-07-17 20:01:24 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-07-17 20:01:08 ----D---- C:\WINDOWS\WinSxS
2009-07-17 20:01:06 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-07-17 20:00:30 ----HDC---- C:\WINDOWS\$NtUninstallKB952069_WM9$
2009-07-17 20:00:18 ----HDC---- C:\WINDOWS\$NtUninstallKB952004$
2009-07-17 19:58:18 ----HDC---- C:\WINDOWS\$NtUninstallKB941569$
2009-07-17 19:57:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$
2009-07-17 19:57:39 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
2009-07-17 19:57:22 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$
2009-07-17 19:57:05 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$
2009-07-17 19:56:45 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-07-17 19:56:26 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-07-17 19:56:06 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-07-17 19:55:32 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$
2009-07-17 19:55:00 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-07-17 19:54:49 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$
2009-07-17 19:54:26 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-07-17 19:53:04 ----HDC---- C:\WINDOWS\$NtUninstallKB960803$
2009-07-17 19:52:47 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
2009-07-17 19:52:30 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$
2009-07-17 19:52:14 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
2009-07-17 19:51:39 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
2009-07-17 19:51:22 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$
2009-07-17 19:50:52 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-07-17 19:50:42 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-07-17 19:49:57 ----HDC---- C:\WINDOWS\$NtUninstallKB923561$
2009-07-17 03:04:11 ----HDC---- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
2009-07-17 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB898461$
2009-07-16 20:03:58 ----A---- C:\WINDOWS\setuplog.txt
2009-07-16 20:03:32 ----D---- C:\sysprep
2009-07-16 20:03:23 ----HD---- C:\hp
2009-07-16 20:02:10 ----RASH---- C:\boot.ini
2009-07-16 20:01:26 ----D---- C:\WINDOWS\Registration
2009-07-16 19:59:12 ----A---- C:\WINDOWS\system.ini
2009-07-16 19:50:57 ----D---- C:\WINDOWS\system
2009-07-16 19:50:46 ----D---- C:\WINDOWS\I386
2009-07-16 19:49:10 ----D---- C:\Program Files\Windows NT
2009-07-16 19:49:08 ----D---- C:\Program Files\Outlook Express
2009-07-16 19:49:08 ----D---- C:\Program Files\NetMeeting
2009-07-16 19:49:06 ----D---- C:\Program Files\Movie Maker
2009-07-16 19:49:00 ----D---- C:\Program Files\Common Files\Services
2009-07-16 19:48:52 ----D---- C:\WINDOWS\system32\usmt
2009-07-16 19:48:46 ----D---- C:\WINDOWS\system32\ras
2009-07-16 19:48:45 ----D---- C:\WINDOWS\system32\oobe
2009-07-16 19:48:39 ----D---- C:\WINDOWS\system32\npp
2009-07-16 19:48:30 ----D---- C:\WINDOWS\system32\icsxml
2009-07-16 19:48:29 ----D---- C:\WINDOWS\system32\ias
2009-07-16 19:47:09 ----D---- C:\WINDOWS\system32\Setup
2009-07-16 19:47:09 ----D---- C:\WINDOWS\system32\Restore
2009-07-16 19:47:07 ----D---- C:\WINDOWS\system32\Com
2009-07-16 19:47:06 ----D---- C:\WINDOWS\srchasst
2009-07-16 19:47:02 ----D---- C:\WINDOWS\msagent
2009-07-16 19:47:01 ----RD---- C:\WINDOWS\Web
2009-07-16 19:47:01 ----D---- C:\WINDOWS\ime
2009-07-16 19:47:01 ----D---- C:\WINDOWS\addins
2009-07-16 19:46:55 ----D---- C:\WINDOWS\PeerNet
2009-07-16 19:46:55 ----D---- C:\WINDOWS\Media
2009-07-16 19:46:41 ----D---- C:\WINDOWS\Cursors
2009-07-16 19:46:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB891781$
2009-07-16 19:46:39 ----AHDC---- C:\WINDOWS\$NtUninstallKB890175$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB888239$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB888113$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB887742$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885836$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB885250$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB883667$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB873339$
2009-07-16 19:46:38 ----AHDC---- C:\WINDOWS\$NtUninstallKB867282$
2009-07-16 19:46:34 ----RHD---- C:\MSOCache
2009-07-16 19:46:03 ----RD---- C:\WINDOWS\Offline Web Pages
2009-07-16 19:46:02 ----RSD---- C:\WINDOWS\assembly
2009-07-16 19:31:28 ----D---- C:\Program Files\Windows Media Player
2009-07-16 19:28:59 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-07-16 19:27:26 ----A---- C:\WINDOWS\win.ini
2009-07-16 19:26:33 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-07-16 19:24:23 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-07-16 19:01:30 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-07-16 18:54:09 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-07-16 18:47:09 ----D---- C:\WINDOWS\SoftwareDistribution
2009-07-16 18:47:08 ----D---- C:\WINDOWS\Help
2009-07-16 18:28:41 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-16 18:27:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-07-16 18:27:29 ----D---- C:\Program Files\Symantec
2009-07-16 18:27:29 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-07-16 18:27:29 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-07-16 18:26:39 ----D---- C:\WINDOWS\security
2009-07-16 18:13:45 ----D---- C:\WINDOWS\system32\config
2009-07-16 18:13:15 ----HDC---- C:\WINDOWS\ie7
2009-07-16 18:11:08 ----HDC---- C:\WINDOWS\$NtUninstallKB915865$
2009-07-16 17:46:37 ----D---- C:\Program Files\SpywareBlaster
2009-07-16 17:33:09 ----D---- C:\Program Files\Sonic
2009-07-16 17:32:59 ----D---- C:\Program Files\Common Files
2009-07-16 17:28:28 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-16 17:27:54 ----D---- C:\Program Files\Common Files\Real
2009-07-16 17:27:14 ----D---- C:\Python22
2009-07-16 17:26:09 ----D---- C:\Program Files\PC-Doctor for Windows
2009-07-16 17:17:55 ----D---- C:\WINDOWS\pchealth
2009-07-16 17:17:55 ----D---- C:\Program Files\Microsoft Office
2009-07-16 17:17:55 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-07-16 17:17:51 ----D---- C:\Program Files\Common Files\System
2009-07-16 17:17:50 ----RSD---- C:\WINDOWS\Fonts
2009-07-16 17:14:17 ----D---- C:\Program Files\iTunes
2009-07-16 17:13:01 ----D---- C:\Program Files\Easy Internet signup
2009-07-16 17:10:09 ----A---- C:\WINDOWS\system32\ssmute.ini
2009-07-16 17:07:35 ----A---- C:\WINDOWS\OEWABLog.txt
2009-07-07 20:36:11 ----D---- C:\Program Files\Windows Live

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-07-18 335752]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-07-16 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-16 108552]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-03-20 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-04-19 24336]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\WINDOWS\system32\DRIVERS\AGRSM.sys [2004-06-29 1268204]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-10-01 2279424]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-01-23 804317]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 Ps2;PS2; C:\WINDOWS\system32\DRIVERS\PS2.sys [2001-06-04 14112]
R3 RTL8023xp;Realtek RTL8139/810x/8169/8110 all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtlnicxp.sys [2004-10-15 71168]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-04 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2004-08-04 40320]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 taavashe;taavashe; \??\C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\taavashe.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-07-18 907032]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-05-13 298776]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-03-20 700152]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; c:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-03-17 38912]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2004-08-04 267776]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 YahooAUService;Yahoo! Updater; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]

-----------------EOF-----------------
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 7:46 pm

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-03 19:15:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xEEC132A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xEEC127C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xEEC12E5C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xEEC13A6A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xEEC1251C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xEEC14776]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xEEC13486]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xEEC120EA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xEEC136D4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xEEC13884]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xEEC11E4C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xEEC143F8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xEEC12A46]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xEEC13094]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xEEC11B7C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xEEC12CD6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xEEC11CF4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xEEC13E30]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xEEC1263A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xEEC14194]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xEEC145A6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xEEC13C30]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xEEC129E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xEEC12BCA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xEEC123E6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xEEC122B4]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00FF1950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00FF7210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00FF18D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00FF1890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 00FF19B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00FF1910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00FF1A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00FF1970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 00FF18F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00FF1930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 00FF19D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00FF1990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00FF18B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 00FF2240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00FF1A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 00FF31B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 00FF7140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 00FF19F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 00FF1B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00FF1D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 00FF1AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 00FF1AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 00FF1D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 00FF1A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00FF1A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 00FF1A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 00FF1D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 00FF1CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 00FF1D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 00FF1B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 00FF1C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 00FF1C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 00FF1B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7D, 84] {JGE 0xffffffffffffff86}
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 00FF1BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 00FF1B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 00FF1B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 00FF1CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 00FF1CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 00FF1C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 00FF1BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 00FF1C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 00FF1C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 00FF1BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00FF1D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 00FF1AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 00FF1480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 00FF1640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 00FF1000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 00FF1250 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 00FF1E90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 00FF1E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 00FF6E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] USER32.dll!mouse_event 77D96321 5 Bytes JMP 00FF2CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] USER32.dll!keybd_event 77D96365 5 Bytes JMP 00FF2B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00FF2E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 00FF2840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 00FF29D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 00FF1E10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 00FF1DF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 00FF1DB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 00FF1DD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 00FF6B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 00FF6C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] WININET.dll!InternetConnectA 3D944992 5 Bytes JMP 00FF1E30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[316] WININET.dll!InternetConnectW
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 7:46 pm

3D945B8E 5 Bytes JMP 00FF1E50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 7:47 pm

.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[680] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[732] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm

Re: My Computer is a mess heres the HJTlogs

Unread postby tdc2719 » August 3rd, 2009, 7:53 pm

.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[744] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\AVG\AVG8\avgcsrvx.exe[756] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[900] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[1120] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\System32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1144] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!OpenServiceW 77DE5F05 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!OpenServiceA 77DEE2AE 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceA 77E370B9 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ADVAPI32.dll!CreateServiceW 77E37251 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 10006E00 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!mouse_event 77D96321 5 Bytes JMP 10002CE0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] USER32.dll!keybd_event 77D96365 5 Bytes JMP 10002B60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP 10002840 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] GDI32.dll!CreateDCW 77F1BE99 5 Bytes JMP 100029D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1256] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10007210 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 10002240 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 100031B0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 10007140 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!OpenFile 7C821992 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 10006B10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 10006C90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10002E70 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[1356] GDI32.dll!CreateDCA 77F1B259 5 Bytes JMP
tdc2719
Regular Member
 
Posts: 53
Joined: July 23rd, 2009, 10:11 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 289 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware