Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Referred to Here From XP Forum [Solved]

Started by Far From Geek , May 31 2010 03:58 PM

  • This topic is locked This topic is locked

#1
Far From Geek
Posted 31 May 2010 - 03:58 PM

Far From Geek

    Member

  • Member
  • PipPip
  • 49 posts
I was referred here from the XP Forum. I have been having issues with getting a 0xA BSOD when trying to boot into Safe Mode. I have ran avast which found a couple of Win32:Adware-gen which I had avast delete an now runs a clean full scan. This did not correct the Safe Mode BSOD. Below are the MBAM, Gmer & OTL logs:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4159

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

5/31/2010 3:24:55 PM
mbam-log-2010-05-31 (15-24-55).txt

Scan type: Quick scan
Objects scanned: 122103
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

***********************************

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 16:27:54
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\uxtdqpog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xA9FBDC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xA9FBDB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xA9FBE0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xA9FBE014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xA9FBD70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xA9FBDC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xA9FBD64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xA9FBD6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xA9FBDD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xA9FBE1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xA9FBDCF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xA9FBDE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xA9FCA8EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2468 80501CA0 4 Bytes JMP DAA9FBE0
PAGE ntkrnlpa.exe!NtCreateSection 805A075C 7 Bytes JMP A9FCA8EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805B1CE0 5 Bytes JMP A9FC6536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805B8B58 5 Bytes JMP A9FC7EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xB9AF4900]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[384] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Java\jre6\bin\jqs.exe[436] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[520] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\services.exe[620] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\lsass.exe[632] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[792] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[836] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[904] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0040FD50 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1040] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Ahead\InCD\InCDsrv.exe[1108] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1272] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1340] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1428] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\system32\spoolsv.exe[1680] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\System32\alg.exe[1868] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] shell32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] shell32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] shell32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\DOCUME~1\WAMBOJ~1\LOCALS~1\Temp\Temporary Directory 3 for gmer.zip\gmer.exe[2536] shell32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\Explorer.EXE[2752] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 10001E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 10001E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] WININET.dll!InternetConnectA 3D94DEAE 5 Bytes JMP 10001E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe[2852] WININET.dll!InternetConnectW 3D94F862 5 Bytes JMP 10001E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\COMODO\COMODO Internet Security\cfp.exe[2872] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 0050E060 C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10001950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 100082B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 100018D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10001890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 100019B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10001910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 10001A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10001970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 100018F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10001930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 100019D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10001990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 100018B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10001A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 10004550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 100081E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 100019F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 10001B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 10001D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!LoadLibraryExW 7C801AF5 7 Bytes JMP 10001AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 10001AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 10001D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 10001A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 10001A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 10001A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 10001D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 10001CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 10001D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 10001B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 10001C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 10001C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 10001B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 10001BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 10001B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 10001B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 10001CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 10001CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 10001C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 10001BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 10001C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 10001C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 10001BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 10001D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 10001AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10007E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 10001480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 10001640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 10001000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 10001250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 10001E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 10001DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 10001DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 10001DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10007BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\WINDOWS\SOUNDMAN.EXE[2884] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10007D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 00791950 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 007982B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 007918D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 00791890 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 007919B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 00791910 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 00791A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 00791970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 007918F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00791930 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 007919D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 00791990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 007918B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 007922D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 00791A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 00794550 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 007981E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ntdll.dll!LdrGetProcedureAddress 7C917EA8 5 Bytes JMP 007919F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CreateFileA 7C801A28 5 Bytes JMP 00791B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00791D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadLibraryExW 7C801AF5 3 Bytes JMP 00791AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadLibraryExW + 4 7C801AF9 3 Bytes [83, CC, CC] {OR ESP, -0x34}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadLibraryExA 7C801D53 5 Bytes JMP 00791AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadLibraryA 7C801D7B 5 Bytes JMP 00791D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 00791A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00791A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!GetProcAddress 7C80AE40 5 Bytes JMP 00791A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadLibraryW 7C80AEEB 5 Bytes JMP 00791D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!GetModuleHandleA 7C80B741 5 Bytes JMP 00791CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!GetModuleHandleW 7C80E4DD 5 Bytes JMP 00791D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 00791B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileWithProgressW 7C81F72E 5 Bytes JMP 00791C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileW 7C821261 5 Bytes JMP 00791C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!OpenFile 7C821982 2 Bytes JMP 00791B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!OpenFile + 3 7C821985 2 Bytes [F7, 83]
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CopyFileExW 7C827B32 7 Bytes JMP 00791BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CopyFileA 7C8286EE 5 Bytes JMP 00791B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CopyFileW 7C82F87B 5 Bytes JMP 00791B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!DeleteFileA 7C831EDD 5 Bytes JMP 00791CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!DeleteFileW 7C831F63 5 Bytes JMP 00791CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileExW 7C83568B 5 Bytes JMP 00791C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileA 7C835EBF 5 Bytes JMP 00791BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileWithProgressA 7C835EDE 5 Bytes JMP 00791C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!MoveFileExA 7C85E49B 5 Bytes JMP 00791C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!CopyFileExA 7C85F39C 5 Bytes JMP 00791BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00791D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] kernel32.dll!LoadModule 7C86261E 5 Bytes JMP 00791AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ADVAPI32.dll!OpenServiceW 77DE6FFD 7 Bytes JMP 00791480 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ADVAPI32.dll!OpenServiceA 77DF4C66 7 Bytes JMP 00791640 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ADVAPI32.dll!CreateServiceA 77E37211 7 Bytes JMP 00791000 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ADVAPI32.dll!CreateServiceW 77E373A9 7 Bytes JMP 00791250 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 00791E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] WS2_32.dll!WSASocketA 71AB8B6A 5 Bytes JMP 00791E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00797E80 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] SHELL32.dll!ShellExecuteExW 7CA0996B 5 Bytes JMP 00791E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] SHELL32.dll!ShellExecuteEx 7CA40EB5 5 Bytes JMP 00791DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] SHELL32.dll!ShellExecuteA 7CA411E0 5 Bytes JMP 00791DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] SHELL32.dll!ShellExecuteW 7CAB5D48 5 Bytes JMP 00791DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00797BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3884] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00797D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

********************************************
OTL & Extra are comming

Thank you in advance for your help
  • 0

Advertisements

#2
Far From Geek
Posted 31 May 2010 - 03:59 PM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
OTL Extras logfile created on: 5/31/2010 4:31:30 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Wambo Jr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.43 Gb Free Space | 95.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WAMBO
Current User Name: Wambo Jr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"@BIOS" = @BIOS
"{08498FF9-6C9B-4FC2-8DE1-BD98C89CC220}" = RaidApplication
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{21E75254-410E-49C4-8981-2E1A2A2221F2}" = HP Diagnostic Assistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2405665A-16C9-4D3A-B70E-F006220E1472}" = Overland
"{267868CE-6DFF-40F7-9C58-C01119B7B117}" = Fax
"{26A24AE4-039D-4CA4-87B4-2F83216017F0}" = Java™ 6 Update 17
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java™ 6 Update 20
"{2BBC9458-07CA-4843-848B-5C8146E5EFA8}" = CreativeProjects
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A59AC3-6C5C-4A09-A7F5-369A37176C8A}" = AiOSoftware
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3AE681E0-4E8D-453F-950A-48534D3C0724}" = Copy
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{457791C5-D702-4143-A7B2-2744BE9573F2}" = HP Software Update
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45FC15ED-1713-4394-ACDF-866E23F46F46}" = 1300_Help
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{48B861BF-BE67-4ED9-9DF9-761586E229D4}_is1" = Onlinebandit 5.91
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E03E0F0-9530-4D74-A6EE-0FF134EBA6F0}" = 1300Trb
"{597D73A8-5FDB-4bc1-9893-40B54459F1BC}" = ProductContext
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981FB376-8418-4EA8-BBED-9DE5AA63E7D5}" = SkinsHP1
"{9CB2512B-3EC4-43DF-8002-46BDAB5EDD1B}" = QuickProjects
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A1DCC235-DACC-4E1F-8D11-D630634B4AEF}" = PhotoGallery
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B24F8C38-099E-4C29-A5B2-F012B5E22CAB}" = 1300Tour
"{B32C75F2-7495-4D01-9431-C11E97D66F8C}" = DocProc
"{B3D5D4E0-E965-41C4-ABFD-A7B1AD0663C2}" = Director
"{B45D9FEE-1AF4-46F3-9A83-2545F81547F5}" = CreativeProjectsTemplates
"{B56D5B09-C4FB-4EA0-8EAD-7BC3E2715A2D}" = DocumentViewer
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BA9A0063-68B5-47B3-91EA-214AD5B79EFB}" = 1300
"{BCC992E5-5C81-4066-9B55-03DC10B24D21}" = InstantShare
"{BF018D2F-C788-4AB1-AB95-1280EAB8F13E}" = TrayApp
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC8673DA-F96B-497E-B2DB-BC7B029FD680}" = BufferChm
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F47155-5B4D-42AA-97F8-490BC52EA7F3}" = Destinations
"{F65787F3-B356-45EC-8DD0-0E6758EDBCEE}" = WebReg
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FF26F7EA-BCEE-478C-9A1B-6B4F88717D73}" = CueTour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast5" = avast! Free Antivirus
"Blueline_is1" = Blueline 1.0.7
"CCleaner" = CCleaner
"C-Media Audio Driver" = C-Media WDM Audio Driver
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"COMODO Internet Security" = COMODO Internet Security
"DMIView" = DMIView
"EasyTune5" = EasyTune5
"ERUNT_is1" = ERUNT 1.1j
"Gigabyte Face Wizard" = Gigabyte Face Wizard
"Gigabyte Management Colsole 2.02" = Gigabyte Management Colsole 2.02
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Intel® 536EP Modem" = Intel® 536EP Modem
"KeyNote_is1" = KeyNote 1.6.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PowerShell" = Windows PowerShell™ 1.0
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.3
"WhoCrashed_is1" = WhoCrashed 2.10
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/16/2010 10:46:16 PM | Computer Name = WAMBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/24/2010 6:31:53 AM | Computer Name = WAMBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/24/2010 6:31:56 AM | Computer Name = WAMBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

Error - 5/26/2010 8:52:09 PM | Computer Name = WAMBO | Source = Microsoft Works 8 | ID = 1000
Description =

Error - 5/26/2010 8:52:11 PM | Computer Name = WAMBO | Source = Microsoft Works 8 | ID = 1001
Description =

Error - 5/26/2010 8:52:21 PM | Computer Name = WAMBO | Source = Microsoft Works 8 | ID = 1000
Description =

Error - 5/26/2010 8:52:36 PM | Computer Name = WAMBO | Source = Microsoft Works 8 | ID = 1001
Description =

Error - 5/28/2010 1:26:28 PM | Computer Name = WAMBO | Source = Application Error | ID = 1000
Description = Faulting application gamezone.exe, version 0.0.0.0, faulting module
l3codeca.acm, version 1.9.0.306, fault address 0x000013bb.

Error - 5/31/2010 9:37:17 AM | Computer Name = WAMBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: This operation returned because the timeout period expired.

Error - 5/31/2010 9:37:17 AM | Computer Name = WAMBO | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download....uthrootseq.txt>
with error: The specified server cannot perform the requested operation.

[ System Events ]
Error - 5/18/2010 11:45:26 PM | Computer Name = WAMBO | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON CD-RW SOHR-5239S' (IDE\CdRomLITE-ON_CD-RW_SOHR-5239S________________2S05____\5&40f06df&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 5/19/2010 12:05:33 AM | Computer Name = WAMBO | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON CD-RW SOHR-5239S' (IDE\CdRomLITE-ON_CD-RW_SOHR-5239S________________2S05____\5&40f06df&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 5/19/2010 12:16:30 AM | Computer Name = WAMBO | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON CD-RW SOHR-5239S' (IDE\CdRomLITE-ON_CD-RW_SOHR-5239S________________2S05____\5&40f06df&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 5/19/2010 12:36:04 AM | Computer Name = WAMBO | Source = PlugPlayManager | ID = 12
Description = The device 'LITE-ON CD-RW SOHR-5239S' (IDE\CdRomLITE-ON_CD-RW_SOHR-5239S________________2S05____\5&40f06df&0&0.0.0)
disappeared from the system without first being prepared for removal.

Error - 5/30/2010 9:29:47 PM | Computer Name = WAMBO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 5/30/2010 9:29:47 PM | Computer Name = WAMBO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 5/30/2010 9:35:32 PM | Computer Name = WAMBO | Source = Setup | ID = 60055
Description = Windows Setup encountered non-fatal errors during installation. Please
check the setuperr.log found in your Windows directory for more informatio


< End of report >

*************************************

OTL logfile created on: 5/31/2010 4:31:30 PM - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Documents and Settings\Wambo Jr\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 221.43 Gb Free Space | 95.08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WAMBO
Current User Name: Wambo Jr
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/05/31 16:28:29 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wambo Jr\Desktop\OTL.exe
PRC - [2010/05/06 15:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/01/28 20:01:52 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2010/01/28 20:01:41 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2004/07/27 04:01:36 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2010/05/31 16:28:29 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wambo Jr\Desktop\OTL.exe
MOD - [2010/02/03 08:19:20 | 000,171,552 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/05/06 15:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/01/28 20:01:41 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2004/08/27 10:00:20 | 001,192,050 | ---- | M] (Ahead Software AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)
SRV - [2004/03/18 17:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/04/12 02:40:28 | 000,019,200 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2010/04/12 02:17:36 | 000,324,608 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2010/02/03 08:19:17 | 000,134,344 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/01/28 20:02:24 | 000,087,104 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2010/01/28 20:02:23 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2004/12/10 22:30:42 | 001,903,338 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelS51.sys -- (Intels51) Intel®
DRV - [2004/09/21 00:09:10 | 000,186,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2004/08/27 10:02:46 | 000,028,672 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\InCDpass.sys -- (InCDPass)
DRV - [2004/08/27 10:02:30 | 000,092,928 | ---- | M] (Ahead Software AG) [File_System | Disabled | Running] -- C:\WINDOWS\system32\drivers\InCDfs.sys -- (InCDfs)
DRV - [2004/08/27 03:02:50 | 000,027,648 | ---- | M] (Ahead Software AG) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\InCDrm.sys -- (incdrm)
DRV - [2004/08/02 08:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/23 22:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/10/08 23:46:00 | 000,044,544 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiSRaid.sys -- (SiSRaid)
DRV - [2003/07/17 20:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 04:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 02:14:46 | 000,049,024 | R--- | M] (Windows ® 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/10/15 21:33:54 | 000,018,272 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wmibios.sys -- (WMIBIOS)
DRV - [2002/08/20 04:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 10:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2002/05/13 20:16:08 | 000,021,184 | ---- | M] (Gigabyte Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wmiinfo.sys -- (WMIINFO)
DRV - [2001/08/17 14:57:38 | 000,016,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2000/10/12 17:16:48 | 000,013,332 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\GLOGODrv.sys -- (GLOGODrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://att.my.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://att.my.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {405e2f6c-b9b8-4515-a69c-e375d7156c86}:0.1.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/07 16:39:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/14 22:55:20 | 000,000,000 | ---D | M]

[2010/02/07 22:57:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Extensions
[2010/05/31 15:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions
[2010/04/28 05:05:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/02/07 23:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{405e2f6c-b9b8-4515-a69c-e375d7156c86}
[2010/05/19 19:31:24 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010/05/31 15:41:52 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/14 20:50:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} http://static.ak.fac...b?1271006844828 (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1264476673046 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/01/25 20:22:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\Shell\AutoRun\command - "" = ji83j.exe
O33 - MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\Shell\open\Command - "" = ji83j.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2010/05/30 20:29:37 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
Drivers32: wave1 - C:\WINDOWS\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17746534284132352)

========== Files/Folders - Created Within 90 Days ==========

[2010/05/31 16:28:28 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Wambo Jr\Desktop\OTL.exe
[2010/05/31 15:35:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/31 14:47:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Wambo Jr\Recent
[2010/05/30 23:41:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/05/30 23:13:46 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/05/30 22:45:16 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2010/05/30 20:33:15 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/05/30 20:33:15 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/05/30 20:31:27 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/05/18 23:51:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Application Data\ElevatedDiagnostics
[2010/05/18 23:47:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\windowspowershell
[2010/05/17 14:37:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/05/17 01:59:19 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/17 01:59:19 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/17 01:59:19 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/17 01:59:19 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/17 01:59:18 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/17 01:59:18 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/17 01:59:18 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/05/17 01:59:05 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/17 01:59:05 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/13 22:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/13 22:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010/05/12 22:03:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Application Data\mIRC
[2010/04/29 20:31:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\My Documents\Becca
[2010/04/17 00:08:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\My Documents\Britt
[2010/04/14 20:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2010/04/13 23:02:31 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/04/11 12:27:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Application Data\Facebook
[2010/03/22 19:56:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\My Documents\Kathi
[2010/03/22 16:08:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Application Data\Template
[2010/03/15 23:34:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2010/03/12 23:59:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/03/12 23:59:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
[2010/03/12 23:59:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010/03/12 23:56:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Application Data\Sun
[2010/03/09 22:48:44 | 000,000,000 | ---D | C] -- C:\Program Files\Utes
[2010/03/09 08:13:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\My Documents\Puter Health
[2010/03/07 22:48:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Local Settings\Application Data\Ahead
[2010/03/03 20:16:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/03/03 19:59:57 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010/03/02 23:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\Tracing
[2010/03/02 23:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/03/02 23:25:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft
[2010/03/02 23:25:38 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/03/02 23:25:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/03/02 23:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/03/02 21:54:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2010/03/02 21:49:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Wambo Jr\My Documents\put imprtnt stffs
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/05/31 16:30:53 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\Desktop\otl script.wps
[2010/05/31 16:30:53 | 000,002,772 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\Application Data\wklnhst.dat
[2010/05/31 16:28:29 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wambo Jr\Desktop\OTL.exe
[2010/05/31 15:15:18 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/31 15:15:11 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/31 15:12:46 | 003,145,728 | -H-- | M] () -- C:\Documents and Settings\Wambo Jr\NTUSER.DAT
[2010/05/31 15:12:46 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Wambo Jr\ntuser.ini
[2010/05/31 12:30:06 | 000,030,888 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/05/31 12:01:18 | 000,013,698 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/31 00:19:49 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/05/31 00:19:49 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/05/31 00:18:32 | 000,521,942 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/31 00:18:32 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/31 00:18:32 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/30 23:46:58 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/05/30 23:40:26 | 000,149,992 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/30 21:06:20 | 000,000,595 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/30 21:06:20 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2010/05/30 21:06:20 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/30 20:34:53 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/05/30 20:30:00 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/30 20:29:01 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/05/30 20:29:01 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/05/30 20:27:34 | 000,023,348 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/20 21:51:11 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/18 21:40:40 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\My Documents\wrk addrss.wps
[2010/05/17 01:59:18 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/05/07 23:49:37 | 000,564,940 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\My Documents\EdSlfr 5-7-10.pdf
[2010/05/06 15:59:57 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/05/06 15:59:36 | 000,165,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/05/06 15:39:23 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/05/06 15:39:00 | 000,164,048 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/05/06 15:34:27 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/05/06 15:33:59 | 000,100,432 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/05/06 15:33:55 | 000,094,800 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/05/06 15:33:47 | 000,019,024 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/05/06 15:33:29 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/26 22:36:36 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/04/17 18:19:46 | 001,764,102 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\My Documents\Groc List for RAM Put.bmp
[2010/03/22 19:56:57 | 000,010,752 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\My Documents\UWGB application statement.wps
[2010/03/22 18:05:08 | 000,032,128 | ---- | M] () -- C:\Documents and Settings\Wambo Jr\My Documents\PrintCompletion.pdf
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/31 16:30:53 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\Desktop\otl script.wps
[2010/05/31 01:07:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\InstFunc.exe
[2010/05/30 22:19:17 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/05/30 22:19:17 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/05/30 22:19:17 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/05/30 22:19:17 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/05/30 22:19:16 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/05/30 22:19:16 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/05/30 22:19:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/05/30 22:19:16 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/05/30 22:19:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/05/30 22:19:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/05/30 22:19:16 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/05/30 22:19:16 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/05/30 22:19:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/05/30 22:19:16 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/05/30 22:19:16 | 000,069,612 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/05/30 22:19:16 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/05/30 22:19:16 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/05/30 22:19:16 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/05/30 22:19:16 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/05/30 22:19:16 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/05/30 22:19:16 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/05/30 22:19:16 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/05/30 22:19:16 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/05/30 22:19:16 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/05/30 22:19:16 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/05/30 22:19:16 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/05/30 22:19:16 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/05/30 22:19:15 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/05/30 22:19:15 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/05/30 22:19:15 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/05/30 22:19:14 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/05/30 22:19:14 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/05/30 22:19:14 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/05/30 22:19:14 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/05/30 22:19:14 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/05/30 22:19:14 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/05/30 22:19:14 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/05/30 22:19:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/05/30 22:19:14 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/05/30 22:19:14 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/05/30 22:19:13 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/05/30 22:19:13 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/05/30 22:19:12 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/05/30 22:19:11 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/05/30 22:19:11 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/05/30 22:19:11 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/05/30 22:19:11 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/05/30 22:19:08 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/05/30 22:19:08 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/05/30 22:19:08 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/05/30 22:19:08 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/05/30 22:19:08 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/05/30 22:19:07 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/05/30 22:19:04 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/05/30 22:19:01 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/05/30 22:19:01 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/05/30 22:19:01 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/05/30 22:19:01 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/05/30 22:19:00 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/05/30 22:19:00 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/05/30 22:19:00 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/05/30 22:19:00 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/05/30 22:19:00 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/05/30 22:19:00 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/05/30 20:34:06 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/05/30 20:33:06 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/05/30 20:33:05 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/05/30 20:33:03 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/05/30 20:32:34 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/05/30 20:32:33 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/05/30 20:32:20 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/05/30 20:32:18 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/05/30 20:32:15 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/05/30 20:32:05 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/05/30 20:31:57 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/05/30 20:31:31 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/05/30 20:31:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/05/30 20:31:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/05/30 20:31:25 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/05/30 20:31:25 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/05/30 20:31:24 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/05/30 20:31:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/05/30 20:31:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/05/30 20:31:24 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/05/30 20:31:23 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/05/30 20:31:23 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/05/30 20:31:23 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/05/30 20:31:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/05/30 20:31:23 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/05/30 20:31:22 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/05/30 20:31:21 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/05/30 20:31:20 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/05/30 20:31:19 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/05/30 20:31:19 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/05/30 20:31:19 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/05/30 20:31:19 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/05/30 20:31:19 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/05/30 20:31:18 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/05/30 20:31:18 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/05/30 20:31:18 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/05/30 20:31:17 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/05/30 20:31:16 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/05/30 20:31:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/05/30 20:31:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/05/30 20:31:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/05/30 20:31:16 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/05/30 20:31:15 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/05/30 20:31:15 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/05/30 20:31:15 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/05/30 20:31:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/05/30 20:31:15 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/05/30 20:31:14 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/05/30 20:31:13 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/05/30 20:29:01 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/05/30 20:28:52 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/05/30 20:13:09 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/05/30 20:13:09 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/05/30 20:13:08 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/05/30 20:13:08 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/05/30 20:13:08 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/05/30 20:13:08 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/05/30 20:13:07 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2010/05/20 21:50:53 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/05/17 12:35:48 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\My Documents\wrk addrss.wps
[2010/05/07 23:49:22 | 000,564,940 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\My Documents\EdSlfr 5-7-10.pdf
[2010/04/26 22:36:34 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2010/04/17 18:19:37 | 001,764,102 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\My Documents\Groc List for RAM Put.bmp
[2010/03/22 19:56:57 | 000,010,752 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\My Documents\UWGB application statement.wps
[2010/03/22 18:05:08 | 000,032,128 | ---- | C] () -- C:\Documents and Settings\Wambo Jr\My Documents\PrintCompletion.pdf
[2010/02/06 13:46:34 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/27 21:59:21 | 000,000,056 | ---- | C] () -- C:\WINDOWS\autmtst.ini
[2010/01/26 21:49:01 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\UninstGMT.dll
[2010/01/26 21:31:45 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2010/01/26 21:31:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/01/26 19:50:52 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2010/01/26 19:05:56 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2003/02/19 02:26:28 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[1996/04/03 14:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/17 01:58:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/31 13:35:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/05/18 23:51:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wambo Jr\Application Data\ElevatedDiagnostics
[2010/04/11 12:27:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wambo Jr\Application Data\Facebook
[2010/03/22 16:08:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wambo Jr\Application Data\Template

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/02/11 22:21:13 | 000,000,000 | ---- | M] () -- C:\ads.txt
[2010/01/25 20:22:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/27 22:27:13 | 000,000,211 | -HS- | M] () -- C:\BOOT.BAK
[2010/05/30 21:06:20 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2004/08/04 07:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2010/01/25 20:22:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/11 22:10:12 | 000,000,000 | ---- | M] () -- C:\dir
[2003/12/08 14:15:56 | 000,028,672 | R--- | M] ( ) -- C:\hpqimgrc.resources.dll
[2010/01/25 20:22:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/05/31 12:31:25 | 000,035,261 | ---- | M] () -- C:\JavaRa.log
[2010/02/11 22:32:16 | 000,000,000 | ---- | M] () -- C:\lads
[2010/02/05 19:13:44 | 000,000,000 | ---- | M] () -- C:\list.txt
[2010/03/30 20:23:08 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010/01/25 20:22:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/02/11 22:13:46 | 000,000,000 | ---- | M] () -- C:\notepad
[2004/08/04 07:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/01/25 23:14:12 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/05/31 15:15:10 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2010/05/31 12:04:16 | 000,013,782 | ---- | M] () -- C:\SAFEBOOT_REPAIR.TXT
[2010/02/11 22:12:06 | 000,000,000 | ---- | M] () -- C:\test.txt
[2010/02/11 21:26:54 | 000,000,000 | ---- | M] () -- C:\tst.txt
[2010/02/04 21:52:46 | 000,001,167 | ---- | M] () -- C:\_Sid.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2010/05/30 15:10:40 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/05/30 19:59:39 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2010/05/30 15:10:40 | 022,806,528 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/05/30 15:10:40 | 008,388,608 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >



Thanks again
  • 0

#3
emeraldnzl
Posted 06 June 2010 - 02:02 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Far From Geek,

Welcome to the Malware forum.

Now

Please run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
[2010/05/19 19:31:24 | 000,000,000 | ---D | M] (Zynga Toolbar) -- C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
O33 - MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\Shell\AutoRun\command - "" = ji83j.exe
O33 - MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\Shell\open\Command - "" = ji83j.exe

:Commands
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • It will produce a log for you on reboot, please post that log in your next reply.
Next

Please download ComboFix from one of these locations:

NOTE: If you are guest watching this topic. ComboFix is a very powerful tool. The disclaimer clearly states that you should not use it without supervision. There is good reason for this as ComboFix can, and sometimes does, run into conflict on a computer and render it unusable.

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

So when you return please post
  • OTL fix log
  • ComboFix.txt

  • 0

#4
Far From Geek
Posted 06 June 2010 - 09:26 AM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Here are the OTL fix and Combofix logs:

All processes killed
========== OTL ==========
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\searchplugin folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\META-INF folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\lib folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\defaults folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\chrome folder moved successfully.
C:\Documents and Settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822} folder moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2429e74a-53f8-11df-8ba8-000feadfc539}\ not found.
File ji83j.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2429e74a-53f8-11df-8ba8-000feadfc539}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2429e74a-53f8-11df-8ba8-000feadfc539}\ not found.
File ji83j.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Wambo Jr
->Temp folder emptied: 17241 bytes
->Temporary Internet Files folder emptied: 414989 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 41015237 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1150 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 42.00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 06062010_081350

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
-------------------------------------------------------------

ComboFix 10-06-05.02 - Wambo Jr 06/06/2010 8:38.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2015.1630 [GMT -5:00]
Running from: c:\documents and settings\Wambo Jr\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\test.txt

.
((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 13:13 . 2010-06-06 13:13 -------- d-----w- C:\_OTL
2010-05-31 06:07 . 2010-04-12 07:07 12288 ----a-w- c:\windows\InstFunc.dll
2010-05-31 06:07 . 2006-04-28 06:56 49152 ----a-w- c:\windows\InstFunc.exe
2010-05-31 03:45 . 2010-05-31 03:45 -------- d-----w- c:\program files\MSXML 6.0
2010-05-31 03:42 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-31 03:42 . 2010-02-25 16:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-31 03:42 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-31 03:42 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-31 03:42 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-31 03:42 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-31 03:19 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-05-31 03:19 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-05-31 03:19 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-05-31 03:19 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-05-31 03:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-31 03:00 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-31 03:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-31 02:57 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-31 02:56 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-31 02:55 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-31 02:18 . 2004-09-21 05:09 186584 ----a-w- c:\windows\system32\drivers\ET5Drv.sys
2010-05-31 01:32 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-05-31 01:31 . 2004-08-04 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2010-05-31 01:30 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-05-31 01:30 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-05-31 01:30 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-31 01:28 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-31 01:13 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-31 01:13 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-31 01:13 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-31 01:13 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-19 04:51 . 2010-05-19 04:51 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\ElevatedDiagnostics
2010-05-17 06:59 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-17 06:59 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-17 06:59 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-17 06:59 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-17 06:59 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-17 06:59 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-17 06:59 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-17 06:59 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-17 06:59 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 03:01 . 2010-05-31 18:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-14 03:01 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-05-14 03:01 . 2010-05-31 17:33 -------- d-----w- c:\program files\SpywareBlaster
2010-05-13 03:03 . 2010-05-13 03:05 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 02:53 . 2010-02-06 02:50 2772 ----a-w- c:\documents and settings\Wambo Jr\Application Data\wklnhst.dat
2010-05-31 17:30 . 2010-01-26 01:32 30888 ----a-w- c:\documents and settings\Wambo Jr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 06:04 . 2010-01-27 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 02:09 . 2010-01-27 02:49 -------- d-----w- c:\program files\GIGABYTE
2010-05-31 01:27 . 2010-01-26 01:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-27 01:00 . 2010-02-11 02:01 -------- d-----w- c:\program files\CCleaner
2010-05-17 06:58 . 2010-01-26 02:02 -------- d-----w- c:\program files\Alwil Software
2010-05-17 06:58 . 2010-01-26 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-01 21:51 . 2010-05-01 21:51 388096 ----a-r- c:\documents and settings\Wambo Jr\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-30 23:55 . 2010-02-10 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2010-02-10 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-10 04:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 03:12 . 2010-04-17 03:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-15 01:50 . 2010-04-15 01:26 -------- d-----w- c:\program files\Java
2010-04-14 04:02 . 2010-04-14 04:02 -------- d-----w- c:\program files\Trend Micro
2010-04-12 22:29 . 2010-04-15 01:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-12 07:40 . 2010-04-12 07:40 19200 ----a-w- c:\windows\system32\drivers\srvkp.sys
2010-04-12 07:40 . 2010-04-12 07:40 1571001 ----a-w- c:\windows\system32\sisgl.dll
2010-04-12 07:22 . 2010-04-12 07:22 3468288 ----a-w- c:\windows\system32\sisgrv.dll
2010-04-12 07:17 . 2010-01-27 00:10 324608 ----a-w- c:\windows\system32\drivers\sisgrp.sys
2010-04-12 07:08 . 2010-04-12 07:08 9728 ----a-w- c:\windows\system32\SiSPIns2.dll
2010-04-12 07:07 . 2010-04-12 07:07 172032 ----a-w- c:\windows\system32\SiSInst.dll
2010-04-12 07:07 . 2010-04-12 07:07 258048 ----a-w- c:\windows\system32\SiSParse.dll
2010-04-12 07:06 . 2010-04-12 07:06 49152 ----a-w- c:\windows\system32\SiSBase.dll
2010-04-11 17:27 . 2010-04-11 17:27 50354 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Facebook\uninstall.exe
2010-04-11 17:27 . 2010-04-11 17:27 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\Facebook
2010-03-13 04:59 . 2010-03-13 04:59 503808 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\msvcp71.dll
2010-03-13 04:59 . 2010-03-13 04:59 348160 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\msvcr71.dll
2010-03-13 04:59 . 2010-03-13 04:59 499712 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\jmc.dll
2010-03-13 04:59 . 2010-03-13 04:59 61440 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77308ae8-n\decora-sse.dll
2010-03-13 04:59 . 2010-03-13 04:59 12800 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77308ae8-n\decora-d3d.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-14 16:54 200704 ----a-w- c:\program files\GIGABYTE\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 19:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-08-27 08:01 1450096 ----a-w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 09:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/17/2010 1:59 AM 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/25/2010 9:03 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/25/2010 9:03 PM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/17/2010 1:59 AM 19024]
R2 GLOGODrv;GLOGODrv;c:\windows\system32\drivers\GLOGODrv.sys [3/2/2010 9:52 PM 13332]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [1/26/2010 9:49 PM 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [1/26/2010 9:49 PM 21184]
S3 huadio;huadio;\??\c:\huadio.tmp --> c:\huadio.tmp [?]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271006844828
FF - ProfilePath - c:\documents and settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geekstogo.com/forum/Malware-Removal-Guides-Tutorials-f121.html
FF - plugin: c:\documents and settings\Wambo Jr\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-Cmaudio - cmicnfg.cpl
AddRemove-C-Media Audio Driver - c:\windows\system32\cmirmdrv.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 08:44
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\huadio]
"ImagePath"="\??\c:\huadio.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(632)
c:\windows\system32\guard32.dll
.
Completion time: 2010-06-06 08:47:03
ComboFix-quarantined-files.txt 2010-06-06 13:46

Pre-Run: 237,237,149,696 bytes free
Post-Run: 237,197,393,920 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 6E41488DA20FA8E0DF03A68E95381833
  • 0

#5
emeraldnzl
Posted 06 June 2010 - 01:44 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Far From Geek,

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

Driver::
huadio

File::
c:\huadio.tmp

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet003\Services\huadio]

Reboot::


Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt. Please post that here for further review.
  • 0

#6
Far From Geek
Posted 06 June 2010 - 03:06 PM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Are you at liberty to tell me just what type of entry "S3" is? Also any info on what huadio is would be helpful as I have not had much luck finding info on it just that it is associated as a rootkit?

Here is the Combofix file:

ComboFix 10-06-06.01 - Wambo Jr 06/06/2010 15:39:55.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2015.1584 [GMT -5:00]
Running from: c:\documents and settings\Wambo Jr\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Wambo Jr\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"c:\huadio.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HUADIO


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 13:13 . 2010-06-06 13:13 -------- d-----w- C:\_OTL
2010-05-31 06:07 . 2010-04-12 07:07 12288 ----a-w- c:\windows\InstFunc.dll
2010-05-31 06:07 . 2006-04-28 06:56 49152 ----a-w- c:\windows\InstFunc.exe
2010-05-31 03:45 . 2010-05-31 03:45 -------- d-----w- c:\program files\MSXML 6.0
2010-05-31 03:42 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-31 03:42 . 2010-02-25 16:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-31 03:42 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-31 03:42 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-31 03:42 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-31 03:42 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-31 03:19 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-05-31 03:19 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-05-31 03:19 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-05-31 03:19 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-05-31 03:01 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-31 03:00 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-31 03:00 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-31 02:57 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-31 02:56 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-31 02:55 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-31 02:18 . 2004-09-21 05:09 186584 ----a-w- c:\windows\system32\drivers\ET5Drv.sys
2010-05-31 01:32 . 2001-08-18 03:36 38912 -c--a-w- c:\windows\system32\dllcache\EXCH_ntfsdrv.dll
2010-05-31 01:31 . 2004-08-04 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2010-05-31 01:30 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-05-31 01:30 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-05-31 01:30 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-05-31 01:28 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-05-31 01:13 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-05-31 01:13 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-05-31 01:13 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-05-31 01:13 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-05-19 04:51 . 2010-05-19 04:51 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\ElevatedDiagnostics
2010-05-17 06:59 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-17 06:59 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-17 06:59 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-17 06:59 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-17 06:59 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-17 06:59 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-17 06:59 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-17 06:59 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-05-17 06:59 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-14 03:01 . 2010-05-31 18:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-14 03:01 . 2010-01-11 00:40 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2010-05-14 03:01 . 2010-05-31 17:33 -------- d-----w- c:\program files\SpywareBlaster
2010-05-13 03:03 . 2010-05-13 03:05 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\mIRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 02:53 . 2010-02-06 02:50 2772 ----a-w- c:\documents and settings\Wambo Jr\Application Data\wklnhst.dat
2010-05-31 17:30 . 2010-01-26 01:32 30888 ----a-w- c:\documents and settings\Wambo Jr\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-31 06:04 . 2010-01-27 00:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-31 02:09 . 2010-01-27 02:49 -------- d-----w- c:\program files\GIGABYTE
2010-05-31 01:27 . 2010-01-26 01:19 23348 ----a-w- c:\windows\system32\emptyregdb.dat
2010-05-27 01:00 . 2010-02-11 02:01 -------- d-----w- c:\program files\CCleaner
2010-05-17 06:58 . 2010-01-26 02:02 -------- d-----w- c:\program files\Alwil Software
2010-05-17 06:58 . 2010-01-26 02:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-05-01 21:51 . 2010-05-01 21:51 388096 ----a-r- c:\documents and settings\Wambo Jr\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-04-30 23:55 . 2010-02-10 04:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-29 20:39 . 2010-02-10 04:33 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2010-02-10 04:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-17 03:12 . 2010-04-17 03:12 48464 ----a-w- c:\windows\system32\sirenacm.dll
2010-04-15 01:50 . 2010-04-15 01:26 -------- d-----w- c:\program files\Java
2010-04-14 04:02 . 2010-04-14 04:02 -------- d-----w- c:\program files\Trend Micro
2010-04-12 22:29 . 2010-04-15 01:50 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-12 07:40 . 2010-04-12 07:40 19200 ----a-w- c:\windows\system32\drivers\srvkp.sys
2010-04-12 07:40 . 2010-04-12 07:40 1571001 ----a-w- c:\windows\system32\sisgl.dll
2010-04-12 07:22 . 2010-04-12 07:22 3468288 ----a-w- c:\windows\system32\sisgrv.dll
2010-04-12 07:17 . 2010-01-27 00:10 324608 ----a-w- c:\windows\system32\drivers\sisgrp.sys
2010-04-12 07:08 . 2010-04-12 07:08 9728 ----a-w- c:\windows\system32\SiSPIns2.dll
2010-04-12 07:07 . 2010-04-12 07:07 172032 ----a-w- c:\windows\system32\SiSInst.dll
2010-04-12 07:07 . 2010-04-12 07:07 258048 ----a-w- c:\windows\system32\SiSParse.dll
2010-04-12 07:06 . 2010-04-12 07:06 49152 ----a-w- c:\windows\system32\SiSBase.dll
2010-04-11 17:27 . 2010-04-11 17:27 50354 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Facebook\uninstall.exe
2010-04-11 17:27 . 2010-04-11 17:27 -------- d-----w- c:\documents and settings\Wambo Jr\Application Data\Facebook
2010-03-13 04:59 . 2010-03-13 04:59 503808 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\msvcp71.dll
2010-03-13 04:59 . 2010-03-13 04:59 348160 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\msvcr71.dll
2010-03-13 04:59 . 2010-03-13 04:59 499712 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57b3de27-n\jmc.dll
2010-03-13 04:59 . 2010-03-13 04:59 61440 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77308ae8-n\decora-sse.dll
2010-03-13 04:59 . 2010-03-13 04:59 12800 ----a-w- c:\documents and settings\Wambo Jr\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-77308ae8-n\decora-d3d.dll
2010-03-10 06:15 . 2004-08-04 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-06_13.44.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-06 20:50 . 2010-06-06 20:50 16384 c:\windows\temp\Perflib_Perfdata_1d0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-01-29 1800464]
"SoundMan"="SOUNDMAN.EXE" [2004-07-27 68096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-03-24 18:17 952768 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneV]
2004-06-14 16:54 200704 ----a-w- c:\program files\GIGABYTE\ET5\GUI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 21:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2004-02-12 19:38 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2004-08-27 08:01 1450096 ----a-w- c:\program files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 16:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-07-27 09:01 68096 ----a-w- c:\windows\SOUNDMAN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-02-18 17:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [5/17/2010 1:59 AM 164048]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [1/25/2010 9:03 PM 134344]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [1/25/2010 9:03 PM 25160]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/17/2010 1:59 AM 19024]
R2 GLOGODrv;GLOGODrv;c:\windows\system32\drivers\GLOGODrv.sys [3/2/2010 9:52 PM 13332]
R3 WMIBIOS;%WMIBIOS.ServiceName%;c:\windows\system32\drivers\wmibios.sys [1/26/2010 9:49 PM 18272]
R3 WMIINFO;WMIINFO Driver;c:\windows\system32\drivers\wmiinfo.sys [1/26/2010 9:49 PM 21184]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://att.my.yahoo.com/
uInternet Connection Wizard,ShellNext = iexplore
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271006844828
FF - ProfilePath - c:\documents and settings\Wambo Jr\Application Data\Mozilla\Firefox\Profiles\3s3uwhxv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.geekstogo.com/forum/Malware-Removal-Guides-Tutorials-f121.html
FF - plugin: c:\documents and settings\Wambo Jr\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-06 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Ahead\InCD\InCDsrv.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Alwil Software\Avast5\setup\avast.setup
.
**************************************************************************
.
Completion time: 2010-06-06 15:55:34 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-06 20:55
ComboFix2.txt 2010-06-06 13:47

Pre-Run: 237,194,182,656 bytes free
Post-Run: 236,984,745,984 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - C80EA5D4F2B325CDCBC0AF495F495C8C
  • 0

#7
emeraldnzl
Posted 06 June 2010 - 03:38 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Far From Geek,

You have used Malwarebytes before. If you still have it on your machine please update and run. Post the scan report back here.

If you no-longer have Malwarebytes please download from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next

Kaspersky on line scanner is very thorough. It can take a long time and for periods may seem not to be working. Just be patient and let it do its job.

Kaspersky works with Internet Explorer and Firefox 3.

Go to Kaspersky website and perform an online antivirus scan.

Note: you will need to turn off your security programs to allow Kaspersky to do its job.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start dowanloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Copy and paste that information in your next post.

So when you return please post
  • MBAM log
  • Kaspersky scan results
  • and tell me how your computer is performing now
  • 0

#8
Far From Geek
Posted 06 June 2010 - 07:22 PM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
The computer seemed to be running fine just that I would get a BSOD whenever I tried to boot into safe mode and that no minidump files were generated both of which are still happening.

Here are the MBAM and Kaspersky logs:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4173

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2010 5:36:11 PM
mbam-log-2010-06-06 (17-36-11).txt

Scan type: Quick scan
Objects scanned: 122624
Time elapsed: 6 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------------

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, June 6, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, June 06, 2010 21:04:08
Records in database: 4206184
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\

Scan statistics:
Objects scanned: 45459
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 01:20:03


File name / Threat / Threats count
C:\Documents and Settings\Wambo Jr\My Documents\Downloads\mirc635.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.g 1

Selected area has been scanned.
  • 0

#9
emeraldnzl
Posted 06 June 2010 - 07:52 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Okay same problems still there then.

I am not seeing any malware now.

Let's try this:

Please uninstall Comodo. You can always reinstall it again.

After that test your machine to see whether it is still experiencing the same symptoms.

Come back and tell me how it went.

Edited by emeraldnzl, 06 June 2010 - 07:53 PM.
complete sentence

  • 0

#10
Far From Geek
Posted 06 June 2010 - 09:10 PM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Uninstalled COMODO and then tried safe mode but got same BSOD and no minidump files...nothing changed. Same problem still exists.
  • 0

Advertisements

#11
emeraldnzl
Posted 07 June 2010 - 12:20 AM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Far From Geek,

Please note that Dial-A-Fix is only for Windows 2000/XP.

Download Dial-a-fix and save it to your desktop.

Double click the Dial-a-fix zip file and extract it to a folder on your Desktop.

Follow the tutorial here

After that come back and tell me if that has made a difference.
  • 0

#12
Far From Geek
Posted 07 June 2010 - 06:43 AM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Downloaded Dial-a-fix & followed the tutorial. After running it sill have the same safe mode BSOD, no minidump files.
  • 0

#13
emeraldnzl
Posted 07 June 2010 - 03:42 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Question: Do you have a usb stick or some other removable device connected to your machine?

If you have please remove them and see if that makes a difference.

Come back and tell me.
  • 0

#14
Far From Geek
Posted 07 June 2010 - 05:02 PM

Far From Geek

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Sorry nothing in any of the usb ports. The only items connected to the tower are the basics:

monitor
keyboard
mouse
ethernet cable
power cable

none of these are connected through a usb port.

I should also mention that nothing is connected in any firewire ports, no speakers and no microphones are connected either.

Edited by Far From Geek, 07 June 2010 - 05:06 PM.

  • 0

#15
emeraldnzl
Posted 07 June 2010 - 06:31 PM

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Far From Geek,

Please run the MGA Diagnostic Tool and post back the report it produces:
  • Download MGADiag to your desktop.
  • Double-click on MGADiag.exe to launch the program
  • Click "Continue"
  • Ensure that the "Windows" tab is selected (it should be by default).
  • Click the "Copy" button to copy the MGA Diagnostic Report to the Windows clipboard.
  • Paste the MGA Diagnostic Report back here in your next reply.

  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP