
win 32 reveton ink

Hello again friends, I got a virus that keeps appearing on my desktop similar to a web page, like a police warning asking for money.
I tried to scan the computer with Kaspersky, Avast and a specific BD removal trojan ransom ice pol and no luck.
The virus also deactivated my wireless connection, and now I connected my laptop to the internet through a Vodafone stick in order to contact you.
Please help me, what should I do? :(
Thank you very much.
(Microsoft essentials said that the trojan is win 32 reveton ink)
OS = Microsoft Professional XP 2002, service pack 3

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:59:01 PM, on 12/29/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\wdm\STacSV.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Alma\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?ilc=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=8
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
R3 - URLSearchHook: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Ad-Aware Security Toolbar - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files\adawaretb\adawareDx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
O4 - HKLM\..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Alma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (User '?')
O4 - HKUS\S-1-5-21-1275210071-630328440-1801674531-1003\..\Run: [Facebook Update] "C:\Documents and Settings\Alma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver (User '?')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User '?')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f (User 'Default user')
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1287577797984
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\wdm\STacSV.exe
O23 - Service: Vodafone Mobile Connect Service (VMCService) - Vodafone - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11980 bytes

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.9.2
Run by Alma at 17:22:24 on 2012-12-29
.
============== Running Processes ================
.
C:\Program Files\Atheros\ACU.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.yahoo.com/?ilc=8
mDefault_Page_URL = hxxp://www.yahoo.com/?ilc=8
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YAHOOM~1.EXE" -quiet
uRun: [Facebook Update] "c:\documents and settings\alma\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SysTrayApp] c:\program files\idt\wdm\sttray.exe
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [WirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [COMODO] c:\program files\comodo\comodo geekbuddy\CLPSLA.exe
mRun: [CPA] c:\program files\comodo\comodo geekbuddy\VALA.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.207\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1287577797984
TCP: NameServer = 81.12.128.206 81.12.132.206
TCP: Interfaces\{F8370354-2DFF-455D-BBF7-E2F29B234C27} : DHCPNameServer = 81.12.128.206 81.12.132.206
Notify: crypt32chain - crypt32.dll
Notify: cryptnet - cryptnet.dll
Notify: cscdll - cscdll.dll
Notify: dimsntfy - c:\windows\system32\dimsntfy.dll
Notify: igfxcui - igfxdev.dll
Notify: ScCertProp - wlnotify.dll
Notify: Schedule - wlnotify.dll
Notify: sclgntfy - sclgntfy.dll
Notify: SensLogn - WlNotify.dll
Notify: termsrv - wlnotify.dll
Notify: WgaLogon - WgaLogon.dll
Notify: wlballoon - wlnotify.dll
AppInit_DLLs= c:\windows\system32\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - plugin: c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\alma\local settings\application data\facebook\messenger\2.1.4651.0\npFbDesktopPlugin.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-29 16:43; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\documents and settings\alma\application data\mozilla\firefox\profiles\46bdjjcf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2012-12-29 14:43:31 -------- d-----w- c:\documents and settings\alma\application data\QuickScan
2012-12-29 07:31:57 -------- d--h--w- C:\VritualRoot
2012-12-29 07:31:30 60872 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6ae9302-b038-472b-a4c6-d9dccd9e3372}\offreg.dll
2012-12-29 07:30:58 428096 ----a-w- c:\windows\system32\drivers\sfi.dat
2012-12-29 07:26:27 -------- d-----w- c:\documents and settings\all users\application data\Comodo
2012-12-29 07:26:22 -------- d-----w- c:\program files\COMODO
2012-12-29 07:26:21 1700352 ----a-w- c:\windows\system32\gdiplus.dll
2012-12-29 07:26:21 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-12-29 07:15:23 -------- d-----w- c:\documents and settings\all users\application data\Comodo Downloader
2012-12-29 07:14:38 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b6ae9302-b038-472b-a4c6-d9dccd9e3372}\mpengine.dll
2012-12-28 19:14:14 -------- d---a-w- C:\Kaspersky Rescue Disk 10.0
2012-12-27 08:04:05 6812136 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-24 13:55:36 -------- d-----w- c:\documents and settings\alma\local settings\application data\Facebook
2012-12-20 22:56:33 -------- d-----w- c:\documents and settings\alma\local settings\application data\Apple Computer
2012-12-20 22:56:11 26840 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-12-20 22:55:12 -------- d-----w- c:\program files\iPod
2012-12-20 22:55:02 -------- d-----w- c:\program files\iTunes
2012-12-20 22:55:02 -------- d-----w- c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-20 22:54:36 -------- d-----w- c:\documents and settings\alma\local settings\application data\Apple
2012-12-20 22:53:41 -------- d-----w- c:\program files\Bonjour
2012-12-16 13:34:06 -------- d-----w- c:\program files\SopCast
2012-12-05 20:52:59 15840 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2012-12-05 20:15:29 -------- d-----w- c:\documents and settings\alma\local settings\application data\adawarebp
2012-12-05 19:37:16 -------- d-----w- c:\documents and settings\alma\local settings\application data\adaware
2012-12-05 19:32:53 -------- d-----w- c:\documents and settings\alma\application data\adawaretb
2012-12-05 19:32:48 -------- d-----w- c:\program files\adawaretb
2012-12-05 19:31:52 -------- d-----w- c:\documents and settings\alma\application data\Ad-Aware Antivirus
.
==================== Find3M ====================
.
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-11 18:45:00 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 18:45:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 01:25:12 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 02:02:42 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17:54 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17:54 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04:21 58368 ----a-w- c:\windows\system32\synceng.dll
.
============= FINISH: 17:24:21.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
.
==== Disk Partitions =========================
.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
7-Zip 4.62
Ad-Aware Browsing Protection
Ad-Aware Security Toolbar
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.2
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Arcade Classic Pack 5.10
Atheros Client Installation Program
Bonjour
COMODO GeekBuddy
COMODO Internet Security
Compatibility Pack for the 2007 Office system
DivX Setup
EasyCleaner
Facebook Messenger 2.1.4651.0
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB969084)
HP Quick Launch Buttons
HP Wireless Assistant
IDT Audio
InstallIQ Updater
Intel(R) Graphics Media Accelerator Driver
Intel(R) Rapid Storage Technology
iTunes
Java 7 Update 9
Java Auto Updater
McAfee Security Scan Plus
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office File Validation Add-In
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
QLBCASL
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek USB 2.0 Card Reader
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2483614)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SopCast 3.5.0
Synaptics Pointing Device Driver
TeamViewer 7
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB958752)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.6195
VLC media player 1.1.7
Vodafone Mobile Connect Lite
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Yahoo! Messenger
Yahoo! Software Update
.
==== End Of File ===========================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-29 18:44:44
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST916031 rev.HP07
Running: 2v08j6i6.exe; Driver: C:\DOCUME~1\Alma\LOCALS~1\Temp\ufldqpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwAdjustPrivilegesToken [0xA78088B2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwConnectPort [0xA7807E48]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateFile [0xA7808518]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateKey [0xA7809126]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreatePort [0xA7807D28]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSection [0xA780B1E0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateSymbolicLinkObject [0xA780B568]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwCreateThread [0xA7807714]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteKey [0xA7808A9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDeleteValueKey [0xA7808C9E]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwDuplicateObject [0xA780751A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateKey [0xA7809864]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwEnumerateValueKey [0xA7809ABA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwLoadDriver [0xA780ABF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwMakeTemporaryObject [0xA7808110]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenFile [0xA78086F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenKey [0xA7809116]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenProcess [0xA7807148]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenSection [0xA78083B4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwOpenThread [0xA780734C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryKey [0xA7809CC8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryMultipleValueKey [0xA780A11C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwQueryValueKey [0xA7809EDA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRenameKey [0xA780967C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwRequestWaitReplyPort [0xA780A68C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSecureConnectPort [0xA780A940]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSecurityObject [0xA7808EEE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetSystemInformation [0xA780AEE8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSetValueKey [0xA78093F4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwShutdownSystem [0xA780807A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwSystemDebugControl [0xA78082A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateProcess [0xA7807B2A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys ZwTerminateThread [0xA7807918]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2F9C 80504894 4 Bytes CALL 98F7C947
? System32\DRIVERS\cmderd.sys The system cannot find the path specified. !
? System32\DRIVERS\cmdguard.sys The system cannot find the path specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[236] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[252] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[380] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[452] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre7\bin\jqs.exe[556] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe[572] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[668] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text c:\program files\idt\wdm\STacSV.exe[708] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 003CCE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003D5680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 003CCF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003D26F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003D3280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003D1220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003D1B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003DDF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003DE410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\acs.exe[812] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 003DE1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Bonjour\mDNSResponder.exe[840] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1136] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1412] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AC0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[1504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[1516] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1692] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1700] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1740] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program[1780] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0061DD20 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\Program[1780] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 00635CB0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1852] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\MsMpEng.exe[1872] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2100] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2336] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00395680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003926F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00393280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0039DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00391220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00391B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0039E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxtray.exe[2348] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 0039E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0038CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00395680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0038CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003926F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00393280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 0039DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00391220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00391B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 0039E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\hkcmd.exe[2388] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 0039E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\igfxpers.exe[2396] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[2696] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 0039CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 003A5680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 0039CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 003A26F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 003A3280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 003ADF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 003A1220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 003A1B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 003AE410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\IDT\WDM\sttray.exe[3008] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 003AE1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe[3016] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[3024] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 009FCE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00A05680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 009FCF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00A026F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00A03280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 00A01220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 00A01B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00A0DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 00A0E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Atheros\ACU.exe[3144] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 00A0E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe[3184] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe[3332] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe[3492] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3504] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Microsoft Security Client\msseces.exe[3572] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3588] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iTunes\iTunesHelper.exe[3624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[3748] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\iPod\bin\iPodService.exe[3980] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe[3988] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ntdll.dll!LdrUnloadDll 7C9171CD 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 1002DF90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ADVAPI32.dll!CreateProcessAsUserW 77DEA8A9 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ADVAPI32.dll!CreateProcessAsUserA 77E10CE8 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ole32.dll!CoCreateInstanceEx 774FF164 5 Bytes JMP 1002E410 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe[4000] ole32.dll!CoGetClassObject 77515205 5 Bytes JMP 1002E1D0 C:\WINDOWS\system32\guard32.dll

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Cdfs.SYS (CD-ROM File System Driver/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [236] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [236] 0x044E0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [252] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [380] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [452] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Java\jre7\bin\jqs.exe [556] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe [572] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\spoolsv.exe [668] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ c:\program files\idt\wdm\STacSV.exe [708] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\acs.exe [812] 0x003B0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Bonjour\mDNSResponder.exe [840] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1136] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [1412] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\winlogon.exe [1460] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\services.exe [1504] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\lsass.exe [1516] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1692] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1700] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1740] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x00400000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program [1780] 0x10000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01410000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01460000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02360000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x023C0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x01F60000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02570000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x025D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02650000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x02FC0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03000000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03040000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03080000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x030E0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03150000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03190000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x031D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03210000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03480000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03500000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x035D0000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03620000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03680000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x03790000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x70A40000
Library C:\Program (*** hidden *** ) @ C:\Program [1780] 0x64980000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\svchost.exe [1852] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\MsMpEng.exe [1872] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2100] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [2336] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxtray.exe [2348] 0x00370000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\hkcmd.exe [2388] 0x00370000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\igfxpers.exe [2396] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\WINDOWS\system32\ctfmon.exe [2696] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\IDT\WDM\sttray.exe [3008] 0x00380000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [3016] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3024] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Atheros\ACU.exe [3144] 0x009E0000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [3184] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [3332] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe [3492] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\DivX\DivX Update\DivXUpdate.exe [3504] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Microsoft Security Client\msseces.exe [3572] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Common Files\Java\Java Update\jusched.exe [3588] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\iTunes\iTunesHelper.exe [3624] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3748] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\iPod\bin\iPodService.exe [3980] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe [3988] 0x10000000
Library C:\WINDOWS\system32\guard32.dll (*** hidden *** ) @ C:\Program Files\McAfee Security Scan\3.0.207\SSScheduler.exe [4000] 0x10000000

---- Files - GMER 1.0.15 ----

File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd 0 bytes
File C:\Program Files\COMODO\COMODO Internet Security\Quarantine\Temp\baseupd\BASE_END_USER_v14713.cav 133419008 bytes

---- EOF - GMER 1.0.15 ----
