Howdy
Sage5,
Well another day is upon us, and I am still completely baffled. So I restarted the PC in
safe mode It took a while to actually load into safe mode, and when I did the mouse would flicker and lag
.
I have attached the performance and processes screen shots for you from safe mode.
At the beginning it was running around 10-25%, then when I loaded Firefox, System jumped to around 60% and did not go back down.
Here is the GMER data. What are you looking for here, I cannot make heads or tails of it.
GMER 1.0.14.14536 -
http://www.gmer.netRootkit scan 2008-09-11 20:03:43
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.14 ----
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xF3C1EC8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xF3C1E3C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xF3C1E8A0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateKey [0xF3C1F43C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xF3C1E080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xF3C20084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xF3C1EE72]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateThread [0xF3C1DC50]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteKey [0xF3C1F0B8]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDeleteValueKey [0xF3C1F268]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xF3C1DB02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xF3C1FD24]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xF3C1EAB0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenProcess [0xF3C1D822]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xF3C1E744]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenThread [0xF3C1D9AA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xF3C1F7F2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xF3C1E196]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xF3C1FAE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xF3C1FEC4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetValueKey [0xF3C1F602]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xF3C1E5D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xF3C1E638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xF3C1DF4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xF3C1DE18]
Code 76699580 IoReportHalResourceUsage
---- User code sections - GMER 1.0.14 ----
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\Firewall\cmdagent.exe[124] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LSSrvc.exe[304] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\RTHDCPL.EXE[416] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\RTHDCPL.EXE[416] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[792] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[792] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\services.exe[844] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[844] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\lsass.exe[884] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[884] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\RUNDLL32.EXE[888] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1076] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe[1100] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe[1132] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00845060 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00844F90 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00844C30 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] USER32.dll!mouse_event 7E466515 5 Bytes JMP 008416D0 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00841550 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00841860 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00841230 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 008413C0 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 92, 88 ]
.text E:\creative\Detector\CTDetect.exe[1168] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00844960 C:\WINDOWS\system32\guard32.dll
.text E:\creative\Detector\CTDetect.exe[1168] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00844AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1188] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\COMODO\SafeSurf\cssurf.exe[1228] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1288] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1288] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe[1340] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[1364] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1364] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1400] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1452] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 006E5060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 006E4F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] USER32.dll!EndTask 7E459E75 5 Bytes JMP 006E4C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] USER32.dll!mouse_event 7E466515 5 Bytes JMP 006E16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] USER32.dll!keybd_event 7E466559 5 Bytes JMP 006E1550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 006E1860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 006E1230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 006E13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 7C, 88 ]
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 006E4960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe[1500] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 006E4AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1508] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1712] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\WINDOWS\Explorer.EXE[1812] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1812] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 00395060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 00394F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] USER32.dll!EndTask 7E459E75 5 Bytes JMP 00394C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] USER32.dll!mouse_event 7E466515 5 Bytes JMP 003916D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] USER32.dll!keybd_event 7E466559 5 Bytes JMP 00391550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00391860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 00391230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 003913C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 47, 88 ]
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 00394960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe[1856] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 00394AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] GDI32.dll!CreateDCA 77F1B249 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] GDI32.dll!CreateDCW 77F1BE89 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] GDI32.dll!CreateDCW + 3 77F1BE8C 2 Bytes [ 0E, 98 ]
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] ole32.dll!CoCreateInstanceEx 774FFA6B 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Program Files\Nikon\PictureProject\NkbMonitor.exe[2036] ole32.dll!CoGetClassObject 77515DB2 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] ntdll.dll!NtClose 7C90D586 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] ntdll.dll!LdrUnloadDll 7C91718B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] USER32.dll!EndTask 7E459E75 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] USER32.dll!mouse_event 7E466515 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] USER32.dll!keybd_event 7E466559 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2508] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System