gift computer with issues

extra.txt 2nd post

-- Application Event Log -------------------------------------------------------

Event Record #/Type1100 / Error
Event Submitted/Written: 12/20/2007 03:03:16 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1098 / Error
Event Submitted/Written: 12/20/2007 03:01:43 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This network connection does not exist.

Event Record #/Type1097 / Error
Event Submitted/Written: 12/20/2007 03:01:43 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Event Record #/Type1096 / Error
Event Submitted/Written: 12/20/2007 03:01:00 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.

Event Record #/Type1095 / Error
Event Submitted/Written: 12/20/2007 03:01:00 AM
Event ID/Source: 8 / crypt32
Event Description:
Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4581 / Error
Event Submitted/Written: 12/20/2007 03:01:56 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB937894 installation failed.
Access is denied.

Event Record #/Type4580 / Error
Event Submitted/Written: 12/20/2007 03:01:54 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942840 installation failed.
Access is denied.

Event Record #/Type4579 / Error
Event Submitted/Written: 12/20/2007 03:01:52 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942763 installation failed.
Access is denied.

Event Record #/Type4578 / Error
Event Submitted/Written: 12/20/2007 03:01:49 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB941568 installation failed.
Access is denied.

Event Record #/Type4577 / Error
Event Submitted/Written: 12/20/2007 03:01:47 AM
Event ID/Source: 4373 / NtServicePack
Event Description:
Windows XP KB942615 installation failed.
Access is denied.



-- End of Deckard's System Scanner: finished at 2007-12-20 03:04:03 ------------





Thank you so very much for your assistance!!!!!!!!!!!!!
 
Well, there is evidence that a rootkit was present at some point so we will have to make sure it is not still present.

We will do a bit of cleaning first, so that things we know about aren't being re-scanned.

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Delete the following items, if still present
Folders
C:\hijackthis\SmitfraudFix
C:\SDFix


Files
C:\hijackthis\SDFix.exe
C:\hijackthis\SmitfraudFix.zip
C:\hijackthis\ComboFix.exe


Empty your Recycle bin.

Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

ROOTKIT REVEALER

Please download Rootkit Revealer
Click >>> HERE <<<

Extract it to your desktop.

Double click the rootkitrevealer folder, and double-click rootkitrevealer.exe

Click the Scan button

Don't do anything while it's running

When it's done, go up to File > Save. Choose to save it to your desktop.

Open rootkitrevealer.txt on your desktop and copy the entire contents and paste them in your next reply.
 
I had issues with the rootkitreveal. I ran the scan and upon trying to save it to the desktop it stated that rootkitreveal had an issue and needed to close. Text was lost.
 
Curious...

Try this instead

Please Download GMER to your desktop

Please create a folder in the Program Files folder called GMER.

Download GMER and extract it to the C:\program files\GMER folder you have just made.


Run the Gmer.exe program by double-clicking the executable file gmer.exe.
You may be prompted to scan immediately if GMER detects rootkit activity.

If you are prompted to scan your system click "yes" to begin the scan.
If you are not prompted, Click the "Rootkit" tab, then click "Scan".


DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

At the end of the scan, click "Copy" to copy the scan results to the clipboard. Then paste the results in a notepad file and also paste them back in your next reply.

Please post the results from the GMER scan in your reply.
 
Sorry I have the report but it is extremely large and looks pretty crappy and hard to read when in the reply box. I am not too sure it will be easy for you to read. I have been looking around this great site and remember seeing something for extra large posts. If I post this it will be 7 posts. I just want to make this easier for you. If you want me to cut it up to post it I will but I do appreciate your help and want to make this as easy as possible for you to read. Any suggestions or just post as is???????
 
1

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-20 06:58:58
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread

---- Kernel code sections - GMER 1.0.13 ----

? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS The system cannot find the file specified.

---- User code sections - GMER 1.0.13 ----

.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[172] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe[356] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DISC\DiscUpdMgr.exe[360] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
 
2

.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe[368] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00A54FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00A54F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00A51830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00A51200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00A51390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ B3, 88 ]
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00A54BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!mouse_event 7E466515 5 Bytes JMP 00A516A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00A51520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00A548E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lexmark 2400 Series\ezprint.exe[408] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00A54A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Messenger\msmsgs.exe[432] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[440] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[440] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe[456] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[540] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
 
3

.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[768] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[768] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[812] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[812] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[824] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[868] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[976] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[992] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1052] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1052] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\arservice.exe[1100] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\arservice.exe[1100] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
 
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1144] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1144] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1180] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00634FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00634F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00631830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00631200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00631390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 71, 88 ]
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00634BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!mouse_event 7E466515 5 Bytes JMP 006316A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00631520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 006348E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[1248] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00634A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[1392] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1432] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1432] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[1516] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehRecvr.exe[1612] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1668] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
 
.text C:\WINDOWS\eHome\ehSched.exe[1736] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\eHome\ehSched.exe[1736] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\eHome\ehSched.exe[1736] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1824] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\ehome\mcrdsvc.exe[2080] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\gmer\gmer.exe[2280] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\gmer\gmer.exe[2280] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[2328] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2328] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe[2464] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lxcrcoms.exe[2648] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2708] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
 
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00394FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00394F10 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00394BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003916A0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00391520 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 00391830 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 00391200 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 00391390 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 47, 88 ]
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 003948E0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe[2728] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00394A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\alg.exe[2892] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2892] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\HP_Administrator\Desktop\RootkitRevealer.exe[3108] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10004FF0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F10 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 100048E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004A50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!BitBlt 77F16F89 5 Bytes JMP 10001830 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCA 77F1B221 5 Bytes JMP 10001200 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCW 77F1BE61 2 Bytes JMP 10001390 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] GDI32.dll!CreateDCW + 3 77F1BE64 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004BB0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016A0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[3932] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001520 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F71BC950] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F71BC990] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F71BC710] inspect.sys
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F71BC770] inspect.sys

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [63601740] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [63602AE9] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [63602B3E] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [63602AA2] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [63602A5B] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [63602441] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [6360208F] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [63602065] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [63601FC4] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [636015C8] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
IAT C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1136] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [636015EF] C:\Program Files\Yahoo!\Shared\YbSkin2.dll
 

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F75E15C2] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F75E55D2] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F7293454] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Tcp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
 

AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\Udp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_NAMED_PIPE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_READ [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_WRITE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_EA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FLUSH_BUFFERS [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_VOLUME_INFORMATION [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DIRECTORY_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_FILE_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F7841C26] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SHUTDOWN [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_LOCK_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE_MAILSLOT [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_SECURITY [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_POWER [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SYSTEM_CONTROL [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CHANGE [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_QUERY_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \Driver\Tcpip \Device\RawIp IRP_MJ_SET_QUOTA [F7841DCC] cmdhlp.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F75E15C2] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F75E55D2] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F75E4000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F75E4742] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F75E1000] bb-run.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLOSE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_READ [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_WRITE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_EA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [F7293454] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_CREATE_MAILSLOT [F72931DE] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_SECURITY [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_POWER [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SYSTEM_CONTROL [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CHANGE [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_QUERY_QUOTA [F7286F4C] fltMgr.sys
AttachedDevice \FileSystem\Fastfat \Fat IRP_MJ_SET_QUOTA [F7286F4C] fltMgr.sys

---- EOF - GMER 1.0.13 ----
 
WOW !!!!.... You weren't kidding :laugh:
At least now I can safely say......

Congratulations, your logs look clean :)

Let’s see if I can help you keep it that way

First let's tidy up :D
You can delete the two rootkit tools we downloaded.
Delete any logs we have produced and empty your recycle bin

Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK

Reset System Restore.
Now you should disable System Restore to purge any infected files and then re-enable it.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer

Turn ON System Restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Un-Check Turn off System Restore.
Click Apply, and then click OK.

AntiSpyware

  • AntiSpyware is not the same thing as Antivirus.
    Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
    You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
    All of the programs in this list have a free version,
    it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
  • Spybot - Search & Destroy <<< A must have program
    • It includes host protection and registry protection
    • A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  • a-squared Free <<< A good "realtime" or "on demand" scanner
  • AVG Anti-Spyware 7.5 <<< A good "realtime" or "on demand" scanner
  • superantispyware <<< A good "realtime" or "on demand" scanner
  • Ad-Aware 2007 Free <<< A good "realtime" or "on demand" scanner

Prevention

  • These programs don't detect malware, they help stop it getting on your machine in the first place.
    Each does a different job, so you can have more than one
  • Winpatrol
    • An excellent startup manager and then some !!
    • Notifies you if programs are added to startup
    • Allows delayed startup
    • A must have addition
  • SpywareBlaster 3.5.1
    • SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
  • SpywareGuard 2.2
    • SpywareGuard provides real-time protection against spyware.
    • Not required if you have other "realtime" antispyware or Winpatrol
  • ZonedOut
    • Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
  • MVPS HOSTS
    • This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
    • For information on how to download and install, please read this tutorial by WinHelp2002.
    • Not required if you are using other host file protections

Internet Browsers

  • Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
    Using a different web browser can help stop malware getting on your machine.
    • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      1. From within Internet Explorer click on the Tools menu and then click on Options.
      2. Click once on the Security tab
      3. Click once on the Internet icon so it becomes highlighted.
      4. Click once on the Custom Level button.
        • Change the Download signed ActiveX controls to Prompt
        • Change the Download unsigned ActiveX controls to Disable
        • Change the Initialise and script ActiveX controls not marked as safe to Disable
        • Change the Installation of desktop items to Prompt
        • Change the Launching programs and files in an IFRAME to Prompt
        • Change the Navigate sub-frames across different domains to Prompt
        • When all these settings have been made, click on the OK button.
        • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      5. Next press the Apply button and then the OK to exit the Internet Properties page.
    If you are still using IE6 then either update, or get one of the following.
    • FireFox
      • With many addons available that make customization easy this is a very popular choice
      • NoScript and AdBlockPlus addons are essential
    • Opera
      • Another popular alternative
    • Netscape
      • Another popular alternative
      • Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies

  • Temporary Internet Files are mainly the files that are downloaded when you open a web page.
    Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
    It is a good idea to empty the Temporary Internet Files folder on a regular basis.

    Tracking Cookies are files that websites use to monitor which sites you visit and how often.
    A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
    CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

    Both of these can be cleaned manually, but a quicker option is to use a program
  • ATF Cleaner
    • Free and very simple to use
  • CCleaner
    • Free and very flexible, you can choose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'
 
still have one issue

I try to open IE from my quick launch and have to double or triple click to get it to open. When I do that I immediately open the task manager and see a bunch of IEXPLORES still. All running around 13k-15k. One will jump up to about 45k but that is the Internet Explorer that actually opened. Any ideas???? Other than that the results of your help have far exceeded my expectations. I actually have a fast machine. Thank you so very much. I wish you and yours a very merry xmas and happy new year!!!!!!
 
nevermind

SUPERAntiSpyware killed a few problems I guess I missed when cleaning the old crap off of here. This is running great now. Again, thank you so very much and happy holidays!!!!!!!!!
 
Have you tried installing IE 7 ?

I don't know if it will help, there seem to be a lot of people having problems with Iexplorer not starting properly.
 