Recurring TR\Dropper.Gen


  • This topic is locked

#1
mjhermano

  • Member
  • 14 posts
Greetings! I've been using AVG for years now and just half a year ago installed Comodo. A couple of days ago, I got warnings from Comodo about cmd.exe trying to connect to the internet. That was obviously suspicious, and since I'm not the only one who uses my computer it was plausible that I was infected.

AVG wasn't detecting any viruses at all despite updates, so I switched to Avira. Updated and ran a scan and deleted instances of on1.exe, on123.exe, s1.ext, s123.exe, etc. A restart later, I'm still experiencing the problem, and my Comodo processes list contains sqlagent (from one of my apps using SQLSERVER) running cmd.exe. HiJackThis also showed a call to cmd.exe plus some apparent try to use ftp.exe to connect to some computer. It's since then been creating the same files all over the place, plus a few more.

I managed to remove some permanently after downloading MBAM and a few other tricks, but the on1.exe, etc. files always seem to come back, and Comodo's active processes still show the cmd.exe calls. The latest one was a tcpwamllib.exe file that appeared in Services as Windows Location tool-something and sports a funny description about measuring the brightness in your location to optimize your PC.

Anyway, I'm at wit's end. I've tried everything possible to the best of my knowledge, and the cmd.exe calls keep coming. I've stopped Avira Guard for a while so that I can use OTL (it seems to come up as a false positive), and Comodo has since been showing warnings about svchost, dllhost and sqlagent running Word.exe and sb.dat in my system32.

Here's the OTL log (I checked LOP check and Purity Check by mistake). I appreciate any help anyone can give me, and even more so if you can explain what's going on so that I can help myself and others better in the future.

OTL logfile created on: 8/23/2011 2:02:40 PM - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\MJ\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 51.88% Memory free
3.85 Gb Paging File | 2.94 Gb Available in Paging File | 76.44% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 3.76 Gb Free Space | 3.85% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 20.27 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive E: | 292.97 Gb Total Space | 7.31 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive K: | 443.22 Gb Total Space | 3.40 Gb Free Space | 0.77% Space Free | Partition Type: NTFS

Computer Name: HERMANO-8050049 | User Name: MJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\MJ\My Documents\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\Trend Micro\HijackThis\HijackThis.exe (Trend Micro Inc.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\WINDOWS\tsnp2uvc.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\FixCamera.exe (SONIX)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\p.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\Locales\en-US.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avutil-50.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avformat-52.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avcodec-52.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
MOD - C:\Program Files\Nitro PDF\Professional\NPShellExtension.dll ()
MOD - C:\WINDOWS\tsnp2uvc.exe ()


========== Win32 Services (SafeList) ==========

SRV - (uolraw) -- File not found
SRV - (MSUpdqtesqi) -- File not found
SRV - (MSUpdqqtewsz) -- File not found
SRV - (HidServ) -- File not found
SRV - (Irmon) -- C:\WINDOWS\12556546_s.dll ()
SRV - (Iprip) -- C:\WINDOWS\12555796_s.dll ()
SRV - (Ias) -- C:\WINDOWS\12535265_s.dll ()
SRV - (6to4) -- C:\WINDOWS\12535156_s.dll ()
SRV - (WamlSvc) -- C:\WINDOWS\system32\tcpwamllib.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (DAUpdaterSvc) -- K:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (AntiLog32) -- C:\Program Files\AntiLogger\AntiLog32.sys (Zemana Ltd.)
DRV - (andnetndis) -- C:\WINDOWS\system32\drivers\lgandnetndis.sys (LG Electronics Inc)
DRV - (ANDNetModem) -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys (LG Electronics Inc.)
DRV - (AndNetGps) -- C:\WINDOWS\system32\drivers\lgandnetgps.sys (LG Electronics Inc.)
DRV - (AndNetDiag) -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (oreans32) -- C:\WINDOWS\system32\drivers\oreans32.sys ()
DRV - (AladdinUsbFilter) -- C:\WINDOWS\system32\DRIVERS\AladdinUsbFilter.sys (Compuware Corporation)
DRV - (vusbbus) -- C:\WINDOWS\system32\drivers\vusbbus.sys (none)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\androidusb.sys (Google Inc)
DRV - (42555462) -- C:\WINDOWS\system32\DRIVERS\42555462.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_01.09.2010_04-16drv) -- C:\WINDOWS\system32\drivers\4255546.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (42555461) -- C:\WINDOWS\system32\drivers\42555461.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows ® 2000 DDK provider)
DRV - (wntpport) -- C:\WINDOWS\System32\drivers\WNTPPORT.SYS (Vireo Software)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=15161&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010/12/21 23:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 14:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 11:03:41 | 000,000,000 | ---D | M]

[2010/05/13 12:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Extensions
[2011/08/21 05:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\extensions
[2010/10/07 03:46:01 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\extensions\[email protected]
[2011/07/12 14:01:16 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\searchplugins\askcom.xml
[2011/03/24 06:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/21 22:11:55 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2010/12/21 22:11:34 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/14 19:43:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/18 14:01:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/12/21 22:11:32 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/23 06:46:37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AntiLogger] C:\Program Files\AntiLogger\AntiLogger.exe (Zemana Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe (SONIX)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [shell] File not found
O4 - HKLM..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\setup_9.0.0.722_01.09.2010_04-16.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.8.224.36 202.8.224.39
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/14 00:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 12:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i2383
[2011/08/23 12:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/08/23 11:26:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/23 11:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/08/23 09:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i8291
[2011/08/23 08:04:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7469
[2011/08/23 07:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7384
[2011/08/23 07:46:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Storm
[2011/08/23 07:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6926
[2011/08/23 07:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i5526
[2011/08/23 06:31:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/23 06:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i5169
[2011/08/23 05:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/23 05:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/23 05:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/23 05:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/23 05:49:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MJ\Start Menu\Programs\Administrative Tools
[2011/08/23 05:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/23 05:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/23 03:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\DoctorWeb
[2011/08/23 03:32:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6949
[2011/08/23 03:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i3677
[2011/08/23 02:53:09 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/23 02:45:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6521
[2011/08/23 02:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\Malwarebytes
[2011/08/23 02:07:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/23 02:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/23 02:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/23 02:06:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/23 02:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/23 01:45:57 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/23 01:44:14 | 001,182,632 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\toolmbam.exe
[2011/08/23 01:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i8042
[2011/08/23 00:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7242
[2011/08/22 20:50:30 | 000,000,000 | ---D | C] -- C:\Clipart
[2011/08/22 20:50:03 | 000,028,416 | ---- | C] (Vireo Software) -- C:\WINDOWS\System32\drivers\WNTPPORT.SYS
[2011/08/22 20:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wilcom 2006
[2011/08/15 13:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\My Documents\Any Video Converter
[2011/08/15 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\FVDToolbar
[2011/08/12 05:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\Avira
[2011/08/12 05:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/08/12 05:28:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/08/12 05:28:01 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/08/12 05:28:01 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/08/12 05:28:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/08/12 05:28:01 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/08/12 05:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/12 05:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/08/12 05:24:20 | 000,000,000 | ---D | C] -- C:\Avira
[2011/08/12 00:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i4022
[2011/08/01 06:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Application Data\FVD Suite
[2011/07/31 12:13:56 | 000,000,000 | -H-D | C] -- C:\Program Files\FVD Suite
[2011/07/25 09:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\My Documents\The Witcher
[2011/07/25 09:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Application Data\The Witcher
[2011/07/25 07:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2011/07/25 06:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Witcher Enhanced Edition
[2011/07/24 17:58:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA
[2010/10/12 21:20:43 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/05/24 04:55:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MJ\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 14:07:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
[2011/08/23 13:58:52 | 000,000,072 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat
[2011/08/23 13:58:51 | 000,000,101 | ---- | M] () -- C:\WINDOWS\System32\sb.dat
[2011/08/23 13:56:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\Word.exe
[2011/08/23 13:25:59 | 000,000,056 | ---- | M] () -- C:\WINDOWS\System32\onf1.dat
[2011/08/23 12:50:33 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb
[2011/08/23 12:35:58 | 008,405,015 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/08/23 12:34:59 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 11:50:48 | 000,561,152 | ---- | M] () -- C:\WINDOWS\System32\on123.exe
[2011/08/23 11:50:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex123.exe
[2011/08/23 11:49:37 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onf123.dat
[2011/08/23 11:06:42 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\eeggjjll.exe
[2011/08/23 10:51:31 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
[2011/08/23 10:36:25 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\MPPRRTTW.exe
[2011/08/23 10:32:48 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\qssuuxxz.exe
[2011/08/23 10:06:24 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAyyvvtt.exe
[2011/08/23 09:51:46 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\OOMMKKII.exe
[2011/08/23 09:48:01 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\bddffiik.exe
[2011/08/23 09:33:05 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ruuwwyyB.exe
[2011/08/23 09:23:09 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\IILLNNPP.exe
[2011/08/23 09:22:28 | 000,000,067 | ---- | M] () -- C:\xp360rp.exe
[2011/08/23 09:22:27 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xp360rp.exe
[2011/08/23 09:03:04 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
[2011/08/23 08:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\VTTRROOM.exe
[2011/08/23 08:32:54 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ECCAAxxv.exe
[2011/08/23 08:18:10 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAxxvvtt.exe
[2011/08/23 08:06:43 | 000,079,360 | ---- | M] () -- C:\WINDOWS\12556546_s.dll
[2011/08/23 08:06:42 | 000,079,360 | ---- | M] () -- C:\WINDOWS\12555796_s.dll
[2011/08/23 08:06:22 | 000,079,360 | ---- | M] () -- C:\WINDOWS\12535265_s.dll
[2011/08/23 08:06:22 | 000,079,360 | ---- | M] () -- C:\WINDOWS\12535156_s.dll
[2011/08/23 08:02:45 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\NKKIIGGD.exe
[2011/08/23 07:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\roommkki.exe
[2011/08/23 07:32:50 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ppssuuww.exe
[2011/08/23 07:17:57 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\UXZbegil.exe
[2011/08/23 07:02:41 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\qsvxzCEG.exe
[2011/08/23 06:46:37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/23 06:33:56 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\KNPRUWYb.exe
[2011/08/23 06:32:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/23 06:20:04 | 000,167,936 | ---- | M] () -- C:\WINDOWS\System32\stnew.exe
[2011/08/23 06:19:45 | 000,167,936 | ---- | M] () -- C:\WINDOWS\System32\snew.exe
[2011/08/23 06:19:35 | 000,167,936 | ---- | M] () -- C:\WINDOWS\System32\bootnew.exe
[2011/08/23 05:06:30 | 000,001,991 | ---- | M] () -- C:\WINDOWS\System32\gaibian.com
[2011/08/23 02:46:01 | 000,092,160 | -HS- | M] () -- C:\WINDOWS\System32\tcpwamllib.exe
[2011/08/23 02:07:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 02:06:29 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/23 01:45:48 | 001,182,632 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\toolmbam.exe
[2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\WINDOWS\System32\TORO_57FD245C.hasp
[2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
[2011/08/22 22:42:01 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\MJ\My Documents\test1.ID
[2011/08/22 22:26:17 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wilcom ES Designer 2006.lnk
[2011/08/22 21:07:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
[2011/08/22 20:12:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/15 07:11:45 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 04:46:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\prvlcl.dat
[2011/08/12 02:39:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
[2011/08/12 02:39:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mcsql.vbs
[2011/07/24 17:58:11 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/07/24 17:58:11 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/07/24 17:58:06 | 000,273,344 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 14:06:21 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\SysS.ldb
[2011/08/23 13:56:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Word.exe
[2011/08/23 11:49:39 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\on123.exe
[2011/08/23 11:06:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\eeggjjll.exe
[2011/08/23 10:51:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
[2011/08/23 10:36:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\MPPRRTTW.exe
[2011/08/23 10:21:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\qssuuxxz.exe
[2011/08/23 10:06:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAyyvvtt.exe
[2011/08/23 09:51:18 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\OOMMKKII.exe
[2011/08/23 09:47:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\bddffiik.exe
[2011/08/23 09:32:40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ruuwwyyB.exe
[2011/08/23 09:26:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex123.exe
[2011/08/23 09:17:51 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\IILLNNPP.exe
[2011/08/23 09:02:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
[2011/08/23 08:51:42 | 000,000,067 | ---- | C] () -- C:\xp360rp.exe
[2011/08/23 08:51:40 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\xp360rp.exe
[2011/08/23 08:47:33 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\VTTRROOM.exe
[2011/08/23 08:32:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ECCAAxxv.exe
[2011/08/23 08:17:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAxxvvtt.exe
[2011/08/23 08:06:43 | 000,079,360 | ---- | C] () -- C:\WINDOWS\12556546_s.dll
[2011/08/23 08:06:42 | 000,079,360 | ---- | C] () -- C:\WINDOWS\12555796_s.dll
[2011/08/23 08:06:22 | 000,079,360 | ---- | C] () -- C:\WINDOWS\12535265_s.dll
[2011/08/23 08:06:22 | 000,079,360 | ---- | C] () -- C:\WINDOWS\12535156_s.dll
[2011/08/23 08:02:34 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\NKKIIGGD.exe
[2011/08/23 07:47:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\roommkki.exe
[2011/08/23 07:32:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ppssuuww.exe
[2011/08/23 07:17:32 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\UXZbegil.exe
[2011/08/23 07:02:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\qsvxzCEG.exe
[2011/08/23 06:33:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\KNPRUWYb.exe
[2011/08/23 06:32:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/23 06:31:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/23 06:20:03 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\stnew.exe
[2011/08/23 06:19:44 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\snew.exe
[2011/08/23 06:19:34 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\bootnew.exe
[2011/08/23 05:50:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/23 05:50:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/23 05:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/23 05:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/23 05:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 05:06:23 | 000,001,991 | ---- | C] () -- C:\WINDOWS\System32\gaibian.com
[2011/08/23 02:46:01 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\tcpwamllib.exe
[2011/08/23 02:07:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 23:18:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onf123.dat
[2011/08/22 22:43:50 | 001,482,795 | ---- | C] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
[2011/08/22 22:42:01 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\MJ\My Documents\test1.ID
[2011/08/22 22:05:20 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wilcom ES Designer 2006.lnk
[2011/08/22 20:50:03 | 000,020,644 | ---- | C] () -- C:\WINDOWS\System32\EMTRANS.VXD
[2011/08/12 02:39:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2011/08/12 02:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mcsql.vbs
[2011/08/12 00:52:04 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\gouri.bat
[2011/08/12 00:52:02 | 000,000,101 | ---- | C] () -- C:\WINDOWS\System32\sb.dat
[2011/08/12 00:26:55 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secedit.sdb
[2011/08/11 23:54:19 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\onf1.dat
[2011/08/02 10:23:44 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-448539723-725345543-1004-0.dat
[2011/07/31 23:22:09 | 001,571,278 | ---- | C] () -- C:\Documents and Settings\MJ\R44II+POH.pdf
[2011/07/24 17:57:20 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/20 20:52:18 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-448539723-725345543-1003-0.dat
[2011/07/20 20:52:11 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/03 16:04:21 | 002,332,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/01/23 12:39:04 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 12:38:59 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 12:38:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/12 21:20:42 | 000,320,512 | ---- | C] () -- C:\WINDOWS\tsnp2uvc.exe
[2010/10/11 14:33:04 | 000,075,128 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/01 22:24:01 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/23 14:46:18 | 000,034,704 | ---- | C] () -- C:\WINDOWS\syscall.dat
[2010/09/16 22:46:33 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\myMPQ.ini
[2010/07/12 14:39:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/29 12:34:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2010/06/24 13:54:35 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/05/24 04:55:59 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\vso_ts_preview.xml
[2010/05/24 04:55:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\pcouffin.cat
[2010/05/24 04:55:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\pcouffin.inf
[2010/05/22 13:42:00 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/05/22 13:42:00 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/05/21 20:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_85026.exe
[2010/05/21 16:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_17573.exe
[2010/05/19 00:04:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_10864.exe
[2010/05/17 02:11:07 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/17 02:11:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/16 15:00:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\prvlcl.dat
[2010/05/14 21:49:36 | 000,176,640 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 00:48:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/14 00:48:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/14 00:48:12 | 000,023,175 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/05/14 00:48:12 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/05/14 00:42:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 00:38:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/13 17:28:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/13 17:28:00 | 032,586,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/13 12:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/13 10:04:13 | 000,033,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\oreans32.sys
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 17:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/10/16 06:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 19:00:00 | 000,513,788 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 19:00:00 | 000,091,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/16 17:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/02/23 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/05/14 22:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/24 11:53:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/03/15 08:13:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/13 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/06/03 15:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/08/23 07:46:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Storm
[2010/05/24 06:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/09/23 14:46:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{680651BD-F2C0-418E-81A1-6F3DEB958964}
[2010/10/22 04:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\adma
[2011/06/03 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\AnvSoft
[2010/05/16 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Ashampoo
[2010/07/24 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Canon
[2011/03/13 20:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Downloaded Installations
[2011/06/13 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Foxreal
[2011/08/15 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\FVDToolbar
[2010/06/27 07:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Leawo
[2010/05/13 10:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Megaupload
[2010/12/21 18:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\ML
[2011/08/08 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Nitro PDF
[2010/05/29 05:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\runic games
[2011/06/03 20:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Samsung
[2010/06/23 12:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\The Creative Assembly
[2011/08/23 12:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\uTorrent
[2010/11/08 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Vso

========== Purity Check ==========



< End of report >


#2
SweetTech


    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me Agent ST for short), it's a pleasure to meet you. :unsure:

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together :)
    Because of this, you must reply within three days; failure to reply will result in the topic being closed!
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data. Have means of backing up your data available.
____________________________________________________

Please post the contents of the Extras.txt log.


I'd also like to see the contents of the ComboFix log. It can be found in C:\ComboFix.txt


NEXT:



Scanning with GMER

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.


Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it in your reply.

Notes:
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in BSODs, uncheck Devices on the right side before scanning.

Edited by SweetTech, 23 August 2011 - 07:59 AM.


#3
mjhermano


    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Hello! Thanks for taking up your time to help.

Some changes happened since the first post, so I'll post a new OTL log anyway.

OTL Log:


OTL logfile created on: 8/23/2011 10:05:32 PM - Run 4
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\MJ\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.99 Gb Available Physical Memory | 49.33% Memory free
3.85 Gb Paging File | 2.84 Gb Available in Paging File | 73.73% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 3.54 Gb Free Space | 3.63% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 20.27 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive E: | 292.97 Gb Total Space | 7.31 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive K: | 443.22 Gb Total Space | 3.40 Gb Free Space | 0.77% Space Free | Partition Type: NTFS
Drive N: | 1.40 Mb Total Space | 0.01 Mb Free Space | 0.84% Space Free | Partition Type: FAT

Computer Name: HERMANO-8050049 | User Name: MJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\MJ\My Documents\Downloads\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
PRC - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
PRC - C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
PRC - C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
PRC - C:\WINDOWS\tsnp2uvc.exe ()
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\WINDOWS\FixCamera.exe (SONIX)
PRC - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - c:\Program Files\Wilcom\ES2006\BIN\ES.EXE ()
PRC - C:\WINDOWS\system32\secedit.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\ppgooglenaclpluginchrome.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\pdf.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\Locales\en-US.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avutil-50.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avformat-52.dll ()
MOD - C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\13.0.782.112\avcodec-52.dll ()
MOD - C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
MOD - C:\WINDOWS\tsnp2uvc.exe ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\RESOURCE.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\WESSYS.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\VERSNDLL.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\PRODUCT.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\OLEINTF.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\MOD1.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\IMPORT.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\IMAGE.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\HWRSETUP.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\GEOMETRY.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\EZSTITCH.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ESRES.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ESDRDR.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\EMMOD.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\EIDOLON.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\EDISKDLL.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ES.EXE ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\DIGI.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\DIALOG.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\DESVIEW.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\DEFMGR.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\CONTROLS.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\COMWRAP.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\COMUTILS.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\CLIPART.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ADV_GEOM.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ARTCNVDLL.DLL ()
MOD - c:\Program Files\Wilcom\ES2006\BIN\ACCUGNT5.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (uolraw) -- File not found
SRV - (MSUpdqtesqi) -- File not found
SRV - (MSUpdqqtewsz) -- File not found
SRV - (HidServ) -- File not found
SRV - (WamlSvc) -- C:\WINDOWS\system32\tcpwamllib.exe ()
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (CLPSLS) -- C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe (COMODO)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\NLSSRV32.EXE (Nalpeiron Ltd.)
SRV - (NitroDriverReadSpool) -- C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe (Nitro PDF Software)
SRV - (DAUpdaterSvc) -- K:\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (YahooAUService) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)


========== Driver Services (SafeList) ==========

DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\WINDOWS\system32\drivers\nvhda32.sys (NVIDIA Corporation)
DRV - (Inspect) -- C:\WINDOWS\System32\DRIVERS\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\WINDOWS\system32\drivers\cmdhlp.sys (COMODO)
DRV - (cmdGuard) -- C:\WINDOWS\system32\drivers\cmdGuard.sys (COMODO)
DRV - (ss_mdm) -- C:\WINDOWS\system32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\WINDOWS\system32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\WINDOWS\system32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (pneteth) -- C:\WINDOWS\system32\drivers\pneteth.sys (June Fabrics Technology Inc.)
DRV - (andnetndis) -- C:\WINDOWS\system32\drivers\lgandnetndis.sys (LG Electronics Inc)
DRV - (ANDNetModem) -- C:\WINDOWS\system32\drivers\lgandnetmodem.sys (LG Electronics Inc.)
DRV - (AndNetGps) -- C:\WINDOWS\system32\drivers\lgandnetgps.sys (LG Electronics Inc.)
DRV - (AndNetDiag) -- C:\WINDOWS\system32\drivers\lgandnetdiag.sys (LG Electronics Inc.)
DRV - (ANDModem) -- C:\WINDOWS\system32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\WINDOWS\system32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\WINDOWS\system32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\WINDOWS\system32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (AladdinUsbFilter) -- C:\WINDOWS\system32\DRIVERS\AladdinUsbFilter.sys (Compuware Corporation)
DRV - (vusbbus) -- C:\WINDOWS\system32\drivers\vusbbus.sys (none)
DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\androidusb.sys (Google Inc)
DRV - (42555462) -- C:\WINDOWS\system32\DRIVERS\42555462.sys (Kaspersky Lab)
DRV - (setup_9.0.0.722_01.09.2010_04-16drv) -- C:\WINDOWS\system32\drivers\4255546.sys (Kaspersky Lab)
DRV - (LgBttPort) -- C:\WINDOWS\system32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (42555461) -- C:\WINDOWS\system32\drivers\42555461.sys (Kaspersky Lab)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (speedfan) -- C:\WINDOWS\system32\speedfan.sys (Windows ® 2000 DDK provider)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (Hardlock) -- C:\WINDOWS\system32\drivers\hardlock.sys (Aladdin Knowledge Systems Ltd.)
DRV - (aksusb) -- C:\WINDOWS\system32\drivers\aksusb.sys (Aladdin Knowledge Systems Ltd.)
DRV - (akshasp) -- C:\WINDOWS\system32\drivers\akshasp.sys (Aladdin Knowledge Systems Ltd.)
DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()
DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows ® 2000 DDK provider)
DRV - (wntpport) -- C:\WINDOWS\System32\drivers\WNTPPORT.SYS (Vireo Software)
DRV - (giveio) -- C:\WINDOWS\system32\giveio.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?o=15161&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}:1.0
FF - prefs.js..network.proxy.type: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}: C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\{00ADD29A-66F4-4f22-BCC0-4C1D29DA647B}\ [2010/12/21 23:05:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/18 14:01:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/07/02 11:03:41 | 000,000,000 | ---D | M]

[2010/05/13 12:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Extensions
[2011/08/21 05:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\extensions
[2010/10/07 03:46:01 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\extensions\[email protected]
[2011/07/12 14:01:16 | 000,002,569 | ---- | M] () -- C:\Documents and Settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\searchplugins\askcom.xml
[2011/08/23 20:22:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/08/23 20:22:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\MJ\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\9J7ISRN4.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI
[2011/08/23 20:22:25 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/06/14 19:43:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/08/18 14:01:16 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/08/23 20:22:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/23 21:17:52 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll (Megaupload Limited)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe (SONIX)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [shell] C:\WINDOWS\System32\net1.exe (Microsoft Corporation)
O4 - HKLM..\Run: [tsnp2uvc] C:\WINDOWS\tsnp2uvc.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\PdaNet Desktop.lnk = C:\Program Files\PdaNet for Android\PdaNetPC.exe ()
O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\setup_9.0.0.722_01.09.2010_04-16.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Image - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Memo - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Save as Mobile Text file - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync (R-Click) - Set as Mobile Wallpaper - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O8 - Extra context menu item: LG Air Sync Option - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll (Mobile Leader Co.,Ltd.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 202.8.224.36 202.8.224.39
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\WINDOWS\system32\guard32.dll) - C:\WINDOWS\system32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/14 00:41:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/23 22:10:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i4080
[2011/08/23 21:59:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6474
[2011/08/23 20:39:58 | 004,181,405 | R--- | C] (Swearware) -- C:\Documents and Settings\MJ\Desktop\ComboFix.exe
[2011/08/23 20:31:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/08/23 20:23:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/23 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/08/23 19:51:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6231
[2011/08/23 19:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\SUPERAntiSpyware.com
[2011/08/23 19:37:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/23 19:37:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/23 19:37:38 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/23 18:12:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/08/23 16:36:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/23 12:51:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i2383
[2011/08/23 12:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Combined Community Codec Pack
[2011/08/23 11:13:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Yahoo!
[2011/08/23 09:15:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i8291
[2011/08/23 08:04:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7469
[2011/08/23 07:49:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7384
[2011/08/23 07:19:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6926
[2011/08/23 07:04:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i5526
[2011/08/23 06:31:56 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/23 06:21:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i5169
[2011/08/23 05:50:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/23 05:50:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/23 05:50:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/23 05:50:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/23 05:49:30 | 000,000,000 | R--D | C] -- C:\Documents and Settings\MJ\Start Menu\Programs\Administrative Tools
[2011/08/23 05:43:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/23 05:42:12 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/23 03:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\DoctorWeb
[2011/08/23 03:32:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6949
[2011/08/23 03:08:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i3677
[2011/08/23 02:53:09 | 000,000,000 | ---D | C] -- C:\VundoFix Backups
[2011/08/23 02:45:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i6521
[2011/08/23 02:07:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\Malwarebytes
[2011/08/23 02:07:04 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/08/23 02:07:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/23 02:07:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/08/23 02:06:59 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/08/23 02:06:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/08/23 01:45:57 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/23 01:16:08 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i8042
[2011/08/23 00:26:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i7242
[2011/08/22 20:50:30 | 000,000,000 | ---D | C] -- C:\Clipart
[2011/08/22 20:50:03 | 000,028,416 | ---- | C] (Vireo Software) -- C:\WINDOWS\System32\drivers\WNTPPORT.SYS
[2011/08/22 20:50:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wilcom 2006
[2011/08/15 13:45:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\My Documents\Any Video Converter
[2011/08/15 13:15:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\FVDToolbar
[2011/08/12 05:42:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Application Data\Avira
[2011/08/12 05:28:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/08/12 05:28:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/08/12 05:28:01 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/08/12 05:28:01 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/08/12 05:28:01 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/08/12 05:28:01 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/08/12 05:28:00 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/12 05:28:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/08/12 05:24:20 | 000,000,000 | ---D | C] -- C:\Avira
[2011/08/12 00:27:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\i4022
[2011/08/01 06:14:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Application Data\FVD Suite
[2011/07/31 12:13:56 | 000,000,000 | -H-D | C] -- C:\Program Files\FVD Suite
[2011/07/25 09:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\My Documents\The Witcher
[2011/07/25 09:46:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\MJ\Local Settings\Application Data\The Witcher
[2011/07/25 07:10:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\The Witcher
[2011/07/25 06:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Witcher Enhanced Edition
[2010/10/12 21:20:43 | 000,184,320 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[2010/05/24 04:55:40 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\MJ\Application Data\pcouffin.sys
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/23 22:07:00 | 000,000,966 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
[2011/08/23 22:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex1.exe
[2011/08/23 22:04:21 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\onf1.dat
[2011/08/23 22:00:26 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lcuwnf.sys
[2011/08/23 21:58:40 | 003,153,920 | ---- | M] () -- C:\WINDOWS\System32\secedit.sdb
[2011/08/23 21:50:04 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile
[2011/08/23 21:49:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/23 21:43:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex123.exe
[2011/08/23 21:42:28 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onf123.dat
[2011/08/23 21:37:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\onfwser.dat
[2011/08/23 21:17:52 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/23 21:05:43 | 004,181,405 | R--- | M] (Swearware) -- C:\Documents and Settings\MJ\Desktop\ComboFix.exe
[2011/08/23 21:01:34 | 000,000,070 | ---- | M] () -- C:\xp1433.exe
[2011/08/23 20:58:56 | 000,122,672 | ---- | M] () -- C:\WINDOWS\System32\shift.exe
[2011/08/23 20:58:12 | 000,000,108 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat
[2011/08/23 20:58:11 | 000,000,083 | ---- | M] () -- C:\WINDOWS\System32\sb.dat
[2011/08/23 20:39:30 | 002,419,140 | ---- | M] () -- C:\Documents and Settings\MJ\Desktop\MGtools.exe
[2011/08/23 19:37:41 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 19:05:58 | 000,465,298 | ---- | M] () -- C:\Documents and Settings\MJ\Desktop\RootRepeal.rar
[2011/08/23 15:31:43 | 002,812,416 | ---- | M] () -- C:\WINDOWS\System32\on360se.exe
[2011/08/23 15:30:06 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\onf360se.dat
[2011/08/23 11:06:42 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\eeggjjll.exe
[2011/08/23 10:51:31 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
[2011/08/23 10:36:25 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\MPPRRTTW.exe
[2011/08/23 10:32:48 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\qssuuxxz.exe
[2011/08/23 10:06:24 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAyyvvtt.exe
[2011/08/23 09:51:46 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\OOMMKKII.exe
[2011/08/23 09:48:01 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\bddffiik.exe
[2011/08/23 09:33:05 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ruuwwyyB.exe
[2011/08/23 09:23:09 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\IILLNNPP.exe
[2011/08/23 09:22:28 | 000,000,067 | ---- | M] () -- C:\xp360rp.exe
[2011/08/23 09:03:04 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
[2011/08/23 08:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\VTTRROOM.exe
[2011/08/23 08:32:54 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ECCAAxxv.exe
[2011/08/23 08:18:10 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAxxvvtt.exe
[2011/08/23 08:02:45 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\NKKIIGGD.exe
[2011/08/23 07:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\roommkki.exe
[2011/08/23 07:32:50 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ppssuuww.exe
[2011/08/23 07:17:57 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\UXZbegil.exe
[2011/08/23 07:02:41 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\qsvxzCEG.exe
[2011/08/23 06:33:56 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\KNPRUWYb.exe
[2011/08/23 06:32:06 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/23 05:06:30 | 000,001,991 | ---- | M] () -- C:\WINDOWS\System32\gaibian.com
[2011/08/23 02:46:01 | 000,092,160 | -HS- | M] () -- C:\WINDOWS\System32\tcpwamllib.exe
[2011/08/23 02:07:04 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/23 02:06:29 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\MJ\Desktop\mbam-setup-1.51.1.1800.exe
[2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\WINDOWS\System32\TORO_57FD245C.hasp
[2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
[2011/08/22 22:42:01 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\MJ\My Documents\test1.ID
[2011/08/22 22:26:17 | 000,001,753 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Wilcom ES Designer 2006.lnk
[2011/08/22 21:07:00 | 000,000,914 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
[2011/08/22 20:12:34 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/15 07:11:45 | 000,176,640 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/12 04:46:04 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\prvlcl.dat
[2011/08/12 02:39:31 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\SysS.xml
[2011/08/12 02:39:26 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\mcsql.vbs
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/23 22:05:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex1.exe
[2011/08/23 22:00:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lcuwnf.sys
[2011/08/23 21:43:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex123.exe
[2011/08/23 21:37:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\onfwser.dat
[2011/08/23 21:01:34 | 000,000,070 | ---- | C] () -- C:\xp1433.exe
[2011/08/23 20:58:15 | 000,122,672 | ---- | C] () -- C:\WINDOWS\System32\shift.exe
[2011/08/23 20:40:31 | 002,419,140 | ---- | C] () -- C:\Documents and Settings\MJ\Desktop\MGtools.exe
[2011/08/23 20:40:31 | 000,465,298 | ---- | C] () -- C:\Documents and Settings\MJ\Desktop\RootRepeal.rar
[2011/08/23 19:37:41 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/23 15:30:11 | 002,812,416 | ---- | C] () -- C:\WINDOWS\System32\on360se.exe
[2011/08/23 15:30:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\onf360se.dat
[2011/08/23 11:06:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\eeggjjll.exe
[2011/08/23 10:51:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
[2011/08/23 10:36:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\MPPRRTTW.exe
[2011/08/23 10:21:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\qssuuxxz.exe
[2011/08/23 10:06:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAyyvvtt.exe
[2011/08/23 09:51:18 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\OOMMKKII.exe
[2011/08/23 09:47:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\bddffiik.exe
[2011/08/23 09:32:40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ruuwwyyB.exe
[2011/08/23 09:17:51 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\IILLNNPP.exe
[2011/08/23 09:02:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
[2011/08/23 08:51:42 | 000,000,067 | ---- | C] () -- C:\xp360rp.exe
[2011/08/23 08:47:33 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\VTTRROOM.exe
[2011/08/23 08:32:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ECCAAxxv.exe
[2011/08/23 08:17:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAxxvvtt.exe
[2011/08/23 08:02:34 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\NKKIIGGD.exe
[2011/08/23 07:47:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\roommkki.exe
[2011/08/23 07:32:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ppssuuww.exe
[2011/08/23 07:17:32 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\UXZbegil.exe
[2011/08/23 07:02:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\qsvxzCEG.exe
[2011/08/23 06:33:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\KNPRUWYb.exe
[2011/08/23 06:32:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/23 06:31:59 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/23 05:50:18 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/23 05:50:18 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/23 05:50:18 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/23 05:50:18 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/23 05:50:18 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/23 05:06:23 | 000,001,991 | ---- | C] () -- C:\WINDOWS\System32\gaibian.com
[2011/08/23 02:46:01 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\tcpwamllib.exe
[2011/08/23 02:07:04 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/22 23:18:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onf123.dat
[2011/08/22 22:43:50 | 001,482,795 | ---- | C] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
[2011/08/22 22:42:01 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\MJ\My Documents\test1.ID
[2011/08/22 22:05:20 | 000,001,753 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Wilcom ES Designer 2006.lnk
[2011/08/22 20:50:03 | 000,020,644 | ---- | C] () -- C:\WINDOWS\System32\EMTRANS.VXD
[2011/08/12 02:39:31 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\SysS.xml
[2011/08/12 02:39:26 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\mcsql.vbs
[2011/08/12 00:52:04 | 000,000,108 | ---- | C] () -- C:\WINDOWS\System32\gouri.bat
[2011/08/12 00:52:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\sb.dat
[2011/08/12 00:26:55 | 003,153,920 | ---- | C] () -- C:\WINDOWS\System32\secedit.sdb
[2011/08/11 23:54:19 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\onf1.dat
[2011/08/02 10:23:44 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-448539723-725345543-1004-0.dat
[2011/07/31 23:22:09 | 001,571,278 | ---- | C] () -- C:\Documents and Settings\MJ\R44II+POH.pdf
[2011/07/24 17:57:20 | 002,123,582 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/07/20 20:52:18 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-220523388-448539723-725345543-1003-0.dat
[2011/07/20 20:52:11 | 001,406,998 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/06/03 16:04:21 | 002,332,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/27 14:19:32 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2011/04/27 14:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/04/27 14:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/04/27 14:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/04/27 14:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/01/23 12:39:04 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/01/23 12:38:59 | 000,273,344 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/01/23 12:38:59 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/10/12 21:20:42 | 000,320,512 | ---- | C] () -- C:\WINDOWS\tsnp2uvc.exe
[2010/10/11 14:33:04 | 000,075,128 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/01 22:24:01 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/09/16 22:46:33 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\myMPQ.ini
[2010/07/12 14:39:26 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/29 12:34:58 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\StarOpen.sys
[2010/06/24 13:54:35 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/05/24 04:55:59 | 000,001,189 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\vso_ts_preview.xml
[2010/05/24 04:55:40 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\pcouffin.cat
[2010/05/24 04:55:40 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\MJ\Application Data\pcouffin.inf
[2010/05/22 13:42:00 | 000,982,196 | R--- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2010/05/22 13:42:00 | 000,417,344 | R--- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2010/05/21 20:39:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_85026.exe
[2010/05/21 16:56:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_17573.exe
[2010/05/19 00:04:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\asr_10864.exe
[2010/05/17 02:11:07 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/05/17 02:11:07 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/05/16 15:00:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\prvlcl.dat
[2010/05/14 21:49:36 | 000,176,640 | ---- | C] () -- C:\Documents and Settings\MJ\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/14 00:48:22 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2010/05/14 00:48:16 | 000,001,769 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010/05/14 00:48:12 | 000,023,175 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/05/14 00:48:12 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010/05/14 00:42:15 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 00:38:54 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/05/13 17:28:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/05/13 17:28:00 | 032,586,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/05/13 12:16:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/17 11:13:30 | 000,508,224 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2004/08/04 07:07:22 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 06:56:58 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\wscript.exe
[2004/08/02 20:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/07/17 17:36:38 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2002/10/16 06:54:04 | 000,178,176 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2001/08/23 19:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 19:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 19:00:00 | 000,513,788 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 19:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 19:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 19:00:00 | 000,091,786 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 19:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 19:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 19:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 19:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1996/04/04 03:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/05/16 17:29:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ashampoo
[2011/02/23 19:59:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/05/14 22:15:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/07/24 11:53:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/03/15 08:13:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/13 20:22:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/06/03 15:00:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/05/24 06:19:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2010/10/22 04:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\adma
[2011/06/03 21:38:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\AnvSoft
[2010/05/16 17:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Ashampoo
[2010/07/24 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Canon
[2011/03/13 20:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Downloaded Installations
[2011/06/13 12:12:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Foxreal
[2011/08/15 13:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\FVDToolbar
[2010/06/27 07:03:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Leawo
[2010/05/13 10:27:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Megaupload
[2010/12/21 18:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\ML
[2011/08/08 13:09:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Nitro PDF
[2010/05/29 05:11:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\runic games
[2011/06/03 20:46:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Samsung
[2010/06/23 12:51:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\The Creative Assembly
[2011/08/23 22:16:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\uTorrent
[2010/11/08 07:42:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\MJ\Application Data\Vso

========== Purity Check ==========



< End of report >


Extras.Txt

OTL Extras logfile created on: 8/23/2011 2:17:10 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\MJ\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00003409 | Country: Republic of the Philippines | Language: ENP | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.04 Gb Available Physical Memory | 52.03% Memory free
3.85 Gb Paging File | 2.79 Gb Available in Paging File | 72.62% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 97.65 Gb Total Space | 2.86 Gb Free Space | 2.93% Space Free | Partition Type: NTFS
Drive D: | 97.65 Gb Total Space | 20.27 Gb Free Space | 20.76% Space Free | Partition Type: NTFS
Drive E: | 292.97 Gb Total Space | 7.31 Gb Free Space | 2.50% Space Free | Partition Type: NTFS
Drive K: | 443.22 Gb Total Space | 3.92 Gb Free Space | 0.88% Space Free | Partition Type: NTFS
Drive M: | 1.40 Mb Total Space | 0.52 Mb Free Space | 36.77% Space Free | Partition Type: FAT

Computer Name: HERMANO-8050049 | User Name: MJ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9277:TCP" = 9277:TCP:*:Enabled:sopvfmjl
"3703:TCP" = 3703:TCP:*:Enabled:Adobe Version Cue CS3 Server
"3704:TCP" = 3704:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50900:TCP" = 50900:TCP:*:Enabled:Adobe Version Cue CS3 Server
"50901:TCP" = 50901:TCP:*:Enabled:Adobe Version Cue CS3 Server

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe" = C:\Program Files\CAPCOM\STREETFIGHTERIV\StreetFighterIV.exe:*:Enabled:STREET FIGHTER IV -- (CAPCOM U.S.A., INC.)
"C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe" = C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe:*:Enabled:Adobe Version Cue CS3 Server -- (Adobe Systems Incorporated)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"K:\Atari\Neverwinter Nights 2\nwn2main.exe" = K:\Atari\Neverwinter Nights 2\nwn2main.exe:*:Enabled:Neverwinter Nights 2 Main -- (Obsidian Entertainment, Inc.)
"K:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe" = K:\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:*:Enabled:Neverwinter Nights 2 AMD -- (Obsidian Entertainment, Inc.)
"K:\Atari\Neverwinter Nights 2\nwupdate.exe" = K:\Atari\Neverwinter Nights 2\nwupdate.exe:*:Enabled:Neverwinter Nights 2 Updater -- (Obsidian Entertainment, Inc.)
"K:\Atari\Neverwinter Nights 2\nwn2server.exe" = K:\Atari\Neverwinter Nights 2\nwn2server.exe:*:Enabled:Neverwinter Nights 2 Server -- (Obsidian Entertainment, Inc.)
"K:\Dragon Age\bin_ship\daorigins.exe" = K:\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"K:\Dragon Age\DAOriginsLauncher.exe" = K:\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"K:\Dragon Age\bin_ship\daupdatersvc.service.exe" = K:\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\WINDOWS\system32\muzapp.exe" = C:\WINDOWS\system32\muzapp.exe:*:Enabled:MUZ AOD APP player -- (Musiccity Co.Ltd.)
"C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{014534FF-1D46-4A77-9B48-29EFD145995B}" = AntiLogger
"{01E9A8A2-263E-42C3-B9BA-C54FBC39F1D2}" = Terrafirma
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05B49229-22A2-4F88-842A-BBC2EBE1CCF6}" = Microsoft Games for Windows - LIVE Redistributable
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP1900_series" = Canon iP1900 series Printer Driver
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2413" = CanoScan LiDE 100 Scanner Driver
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server
"{1E63109B-31EC-46E1-9A51-500B17682EDA}_is1" = The Last Remnant
"{21F4E87E-721A-4881-97A4-34F554054CE8}" = Experience Study Developer V1.1
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{32A3A4F4-B792-11D6-A78A-00B0D0160230}" = Java™ SE Development Kit 6 Update 23
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D243BA7-9AC4-46D1-90E5-EEB88974F501}" = Microsoft Games for Windows - LIVE
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59ABBDF0-E1E5-48AF-85FB-F523A08C3490}" = STREET FIGHTER IV
"{5C85747A-91B6-4233-AAF8-063506D0FF4F}" = LG United Mobile Drivers
"{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6BFDC0CD-ADF5-49F6-8A47-3177EF2AE6D2}" = Google Book Downloader
"{6D025DA9-C5C9-44D5-9B6E-83D42648F453}" = Wilcom ES and Design Workflow 2006
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{80E4B2D6-BFF2-402C-96C4-3942DF24CABB}_is1" = FVD Suite 2.6.6
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9E82D1DB-3AFB-4D18-A221-081F1B4B4789}" = Topaz DeNoise 5
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A31A5DFC-3439-48FC-99BB-5174168AE471}" = COMODO livePCsupport
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{A75D63B4-CC9A-4832-B791-01A2F2C93856}" = Nitro PDF Professional
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.85
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.11.326
"{DBE73977-170A-4742-AB28-CA41B06A63AA}_is1" = The Witcher Enhanced Edition
"{DD401D5B-35E2-4EA4-8585-4A44CB2DCC78}" = Jade Empire
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F139C955-376C-45CA-9C34-C77000AB73BC}" = 黄金夢想曲
"{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD8E178D-8B4E-42DA-B434-EFF270329B1C}" = COMODO Internet Security
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFB768E4-E427-4553-BC36-A11F5E62A94D}" = Adobe Flash Player 10 ActiveX
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Android SDK Tools" = Android SDK Tools
"AntiLogger" = AntiLogger
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"CDisplay_is1" = CDisplay 1.8
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2010-10-10
"DirectVobSub" = DirectVobSub (remove only)
"EASEUS Data Recovery Wizard Free Edition 5.0.1_is1" = EASEUS Data Recovery Wizard Free Edition 5.0.1
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"HDMI" = Intel® Graphics Media Accelerator Driver
"Hex Toolbox" = Hex Toolbox
"HijackThis" = HijackThis 2.0.2
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KeyHoleTV" = KeyHoleTV
"LG PC Suite IV" = LG PC Suite IV
"Magic_the_Gathering" = Magic the Gathering
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"mIRC" = mIRC
"MKVtoolnix" = MKVtoolnix 4.3.0
"Mozilla Firefox 6.0 (x86 en-US)" = Mozilla Firefox 6.0 (x86 en-US)
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"pcsx2-r3878" = PCSX2 - Playstation 2 Emulator
"PdaNet_is1" = PdaNet for Android 3.00
"PowerISO" = PowerISO
"Runic Games Torchlight" = Torchlight
"SopCast" = SopCast 3.3.2
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"uTorrent" = µTorrent
"VobSub" = VobSub v2.23 (Remove Only)
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wget-1.11.4-1_is1" = GnuWin32: Wget-1.11.4-1
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Chikka Messenger" = Chikka Messenger
"Dragon Age Redesigned © Morrigan" = Dragon Age Redesigned © Morrigan
"Dragon Age Redesigned Oghren©" = Dragon Age Redesigned Oghren©
"Dragon Age Redesigned©" = Dragon Age Redesigned©
"Dragon Age Redesigned© Zevran" = Dragon Age Redesigned© Zevran
"Dragon Age Redesigned© Leliana" = Dragon Age Redesigned© Leliana
"Dragon Age Redesigned© Wynne" = Dragon Age Redesigned© Wynne
"Google Chrome" = Google Chrome
"InstallShield_{64893225-ADBA-469E-B114-F3B2C1FBBA77}" = RTKXI
"oDVT" = oDesk Team

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/21/2011 6:39:11 PM | Computer Name = HERMANO-8050049 | Source = Application Error | ID = 1000
Description = Faulting application es.exe, version 0.0.0.0, faulting module es.exe,
version 0.0.0.0, fault address 0x0036502d.

Error - 8/22/2011 9:50:26 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 9:50:27 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 9:50:27 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 9:50:27 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 9:57:07 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18204 : BackupDiskFile::OpenMedia: Backup device 'C:\Clipart\ClipArt.bak'
failed to open. Operating system error = 2(The system cannot find the file specified.).


Error - 8/22/2011 10:22:06 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 10:22:07 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 10:22:07 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


Error - 8/22/2011 10:22:07 AM | Computer Name = HERMANO-8050049 | Source = MSSQLSERVER | ID = 17055
Description = 18272 : I/O error on backup or restore restart-checkpoint file 'C:\Program
Files\Microsoft SQL Server\MSSQL\backup\ClipArt.ckp'. Operating system error 3(The
system cannot find the path specified.). The statement is proceeding but is non-restartable.


[ System Events ]
Error - 8/22/2011 12:57:08 PM | Computer Name = HERMANO-8050049 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
42555461 AFD avgio avipbb cmdGuard cmdHlp Fips intelppm IPSec MRxSmb NetBIOS NetBT oreans32
RasAcd
Rdbss
SCDEmu
setup_9.0.0.722_01.09.2010_04-16drv
ssmdrv
Tcpip

Error - 8/22/2011 12:59:33 PM | Computer Name = HERMANO-8050049 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/22/2011 12:59:33 PM | Computer Name = HERMANO-8050049 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/22/2011 12:59:33 PM | Computer Name = HERMANO-8050049 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/22/2011 12:59:33 PM | Computer Name = HERMANO-8050049 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 8/22/2011 1:08:15 PM | Computer Name = HERMANO-8050049 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 8/22/2011 1:10:43 PM | Computer Name = HERMANO-8050049 | Source = Service Control Manager | ID = 7023
Description = The Network Center service terminated with the following error: %%126

Error - 8/22/2011 1:14:14 PM | Computer Name = HERMANO-8050049 | Source = Service Control Manager | ID = 7034
Description = The Microwsoft Windows Uqdatexhk Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/22/2011 1:14:20 PM | Computer Name = HERMANO-8050049 | Source = Service Control Manager | ID = 7034
Description = The Microsoft Windows Uqdatejtk Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 8/22/2011 1:29:22 PM | Computer Name = HERMANO-8050049 | Source = Service Control Manager | ID = 7023
Description = The Network Center service terminated with the following error: %%126


< End of report >

Combofix.txt

ComboFix 11-08-23.03 - MJ 08/23/2011 22:27:37.5.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1144 [GMT 8:00]
Running from: c:\documents and settings\MJ\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\hex1.exe
c:\windows\system32\hex123.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 14:17 . 2011-08-23 14:19 -------- d-----w- c:\windows\system32\i9041
2011-08-23 14:10 . 2011-08-23 14:12 -------- d-----w- c:\windows\system32\i4080
2011-08-23 14:00 . 2011-08-23 14:00 54016 ----a-w- c:\windows\system32\drivers\lcuwnf.sys
2011-08-23 13:59 . 2011-08-23 14:01 -------- d-----w- c:\windows\system32\i6474
2011-08-23 13:43 . 2011-08-23 13:43 0 ----a-w- c:\documents and settings\hex123.exe
2011-08-23 13:37 . 2011-08-23 13:37 1460 ----a-w- c:\documents and settings\onwser.exe
2011-08-23 13:01 . 2011-08-23 13:01 70 ----a-w- C:\xp1433.exe
2011-08-23 12:58 . 2011-08-23 12:58 122672 ----a-w- c:\windows\system32\shift.exe
2011-08-23 12:23 . 2011-08-23 12:23 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 12:22 . 2011-08-23 12:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-23 11:51 . 2011-08-23 11:54 -------- d-----w- c:\windows\system32\i6231
2011-08-23 11:38 . 2011-08-23 11:38 -------- d-----w- c:\documents and settings\MJ\Application Data\SUPERAntiSpyware.com
2011-08-23 11:37 . 2011-08-23 11:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-23 11:37 . 2011-08-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-23 11:19 . 2011-08-23 11:19 53248 ----a-w- c:\documents and settings\hex1.exe
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- C:\_OTL
2011-08-23 07:30 . 2011-08-23 07:31 2812416 ----a-w- c:\windows\system32\on360se.exe
2011-08-23 04:51 . 2011-08-23 04:52 -------- d-----w- c:\windows\system32\i2383
2011-08-23 03:13 . 2011-08-23 03:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-08-23 03:06 . 2011-08-23 03:06 130048 ----a-w- c:\windows\system32\eeggjjll.exe
2011-08-23 02:51 . 2011-08-23 02:51 130048 ----a-w- c:\windows\system32\JJMMOOQQ.exe
2011-08-23 02:36 . 2011-08-23 02:36 130048 ----a-w- c:\windows\system32\MPPRRTTW.exe
2011-08-23 02:21 . 2011-08-23 02:32 69632 ----a-w- c:\windows\system32\qssuuxxz.exe
2011-08-23 02:06 . 2011-08-23 02:06 130048 ----a-w- c:\windows\system32\AAyyvvtt.exe
2011-08-23 01:51 . 2011-08-23 01:51 130048 ----a-w- c:\windows\system32\OOMMKKII.exe
2011-08-23 01:47 . 2011-08-23 01:48 130048 ----a-w- c:\windows\system32\bddffiik.exe
2011-08-23 01:32 . 2011-08-23 01:33 130048 ----a-w- c:\windows\system32\ruuwwyyB.exe
2011-08-23 01:17 . 2011-08-23 01:23 130048 ----a-w- c:\windows\system32\IILLNNPP.exe
2011-08-23 01:15 . 2011-08-23 07:45 -------- d-----w- c:\windows\system32\i8291
2011-08-23 01:02 . 2011-08-23 01:03 130048 ----a-w- c:\windows\system32\QSSVVXXZ.exe
2011-08-23 00:51 . 2011-08-23 01:22 67 ----a-w- C:\xp360rp.exe
2011-08-23 00:47 . 2011-08-23 00:47 130048 ----a-w- c:\windows\system32\VTTRROOM.exe
2011-08-23 00:32 . 2011-08-23 00:32 130048 ----a-w- c:\windows\system32\ECCAAxxv.exe
2011-08-23 00:17 . 2011-08-23 00:18 130048 ----a-w- c:\windows\system32\AAxxvvtt.exe
2011-08-23 00:04 . 2011-08-23 07:45 -------- d-----w- c:\windows\system32\i7469
2011-08-23 00:02 . 2011-08-23 00:02 130048 ----a-w- c:\windows\system32\NKKIIGGD.exe
2011-08-22 23:49 . 2011-08-22 23:50 -------- d-----w- c:\windows\system32\i7384
2011-08-22 23:47 . 2011-08-22 23:47 130048 ----a-w- c:\windows\system32\roommkki.exe
2011-08-22 23:32 . 2011-08-22 23:32 130048 ----a-w- c:\windows\system32\ppssuuww.exe
2011-08-22 23:19 . 2011-08-22 23:20 -------- d-----w- c:\windows\system32\i6926
2011-08-22 23:17 . 2011-08-22 23:17 130048 ----a-w- c:\windows\system32\UXZbegil.exe
2011-08-22 23:04 . 2011-08-22 23:05 -------- d-----w- c:\windows\system32\i5526
2011-08-22 23:02 . 2011-08-22 23:02 130048 ----a-w- c:\windows\system32\qsvxzCEG.exe
2011-08-22 22:33 . 2011-08-22 22:33 130048 ----a-w- c:\windows\system32\KNPRUWYb.exe
2011-08-22 22:21 . 2011-08-22 22:22 -------- d-----w- c:\windows\system32\i5169
2011-08-22 21:06 . 2011-08-22 21:06 1991 ----a-w- c:\windows\system32\gaibian.com
2011-08-22 19:45 . 2011-08-22 19:45 -------- d-----w- c:\documents and settings\MJ\DoctorWeb
2011-08-22 19:32 . 2011-08-22 19:34 -------- d-----w- c:\windows\system32\i6949
2011-08-22 19:08 . 2011-08-22 19:10 -------- d-----w- c:\windows\system32\i3677
2011-08-22 18:53 . 2011-08-22 18:53 -------- d-----w- C:\VundoFix Backups
2011-08-22 18:46 . 2011-08-22 18:46 92160 --sha-w- c:\windows\system32\tcpwamllib.exe
2011-08-22 18:45 . 2011-08-22 18:46 -------- d-----w- c:\windows\system32\i6521
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\MJ\Application Data\Malwarebytes
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 18:06 . 2011-08-22 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 18:06 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 17:16 . 2011-08-22 17:20 -------- d-----w- c:\windows\system32\i8042
2011-08-22 16:26 . 2011-08-22 17:09 -------- d-----w- c:\windows\system32\i7242
2011-08-22 12:50 . 2011-08-22 14:06 -------- d-----w- C:\Clipart
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
2011-08-22 12:50 . 2001-01-19 07:21 28416 ----a-w- c:\windows\system32\drivers\WNTPPORT.SYS
2011-08-22 12:50 . 2000-05-03 09:26 244232 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-08-22 12:50 . 1999-05-06 16:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-22 12:50 . 1998-10-29 08:58 20644 ----a-w- c:\windows\system32\EMTRANS.VXD
2011-08-22 12:50 . 1997-01-21 10:16 133392 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-08-15 05:15 . 2011-08-15 05:15 -------- d-----w- c:\documents and settings\MJ\Application Data\FVDToolbar
2011-08-11 21:42 . 2011-08-11 21:42 -------- d-----w- c:\documents and settings\MJ\Application Data\Avira
2011-08-11 21:28 . 2011-07-21 04:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-11 21:28 . 2011-07-21 04:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 21:28 . 2010-06-17 07:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-11 21:28 . 2010-06-17 07:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\program files\Avira
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-11 21:24 . 2011-08-11 21:24 -------- d-----w- C:\Avira
2011-08-11 18:39 . 2011-08-11 18:39 0 ----a-w- c:\windows\system32\mcsql.vbs
2011-08-11 16:52 . 2011-08-23 12:58 108 ----a-w- c:\windows\system32\gouri.bat
2011-08-11 16:27 . 2011-08-11 16:29 -------- d-----w- c:\windows\system32\i4022
2011-07-31 22:14 . 2011-07-31 22:16 -------- d-----w- c:\documents and settings\MJ\Local Settings\Application Data\FVD Suite
2011-07-31 04:16 . 2011-07-31 04:57 -------- d-----w- c:\documents and settings\Irving\Local Settings\Application Data\FVD Suite
2011-07-31 04:13 . 2011-08-15 05:15 -------- d--h--w- c:\program files\FVD Suite
2011-07-25 01:46 . 2011-08-10 03:36 -------- d-----w- c:\documents and settings\MJ\Local Settings\Application Data\The Witcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:22 . 2010-05-24 13:31 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-22 12:26 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP4dd1.tmp
2011-08-22 12:17 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP46bd.tmp
2011-07-05 16:36 . 2011-07-05 16:36 9216 ----a-r- c:\documents and settings\MJ\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-08-18 06:01 . 2011-03-23 22:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 13:50 . 2011-08-23 13:50 16384 c:\windows\temp\Perflib_Perfdata_698.dat
+ 2011-08-23 13:50 . 2011-08-23 13:50 16384 c:\windows\temp\Perflib_Perfdata_2d0.dat
+ 2011-08-23 01:18 . 2011-08-23 01:21 18980 c:\windows\system32\i8291\D001.exe
+ 2011-08-23 01:15 . 2011-08-23 01:18 37960 c:\windows\system32\i8291\A22.exe
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-23 13:45 . 2011-08-23 13:45 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2011-08-23 12:22 . 2011-08-23 12:22 157472 c:\windows\system32\javaws.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 157472 c:\windows\system32\javaws.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\javaw.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\javaw.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\java.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\java.exe
+ 2011-08-23 12:23 . 2011-08-23 12:23 203776 c:\windows\Installer\749179.msi
+ 2011-08-23 12:22 . 2011-08-23 12:22 902656 c:\windows\Installer\749171.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-27 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-06 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-9 477736]
setup_9.0.0.722_01.09.2010_04-16.lnk - n:\virus removal tool\setup_9.0.0.722_01.09.2010_04-16\startup.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-18 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"k:\\Dragon Age\\bin_ship\\daorigins.exe"=
"k:\\Dragon Age\\DAOriginsLauncher.exe"=
"k:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9277:TCP"= 9277:TCP:sopvfmjl
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 42555462;42555462 Boot Guard Driver;c:\windows\system32\drivers\42555462.sys [9/1/2010 11:53 AM 37392]
R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [5/13/2010 8:12 AM 484352]
R1 42555461;42555461;c:\windows\system32\drivers\42555461.sys [9/1/2010 11:53 AM 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R1 setup_9.0.0.722_01.09.2010_04-16drv;setup_9.0.0.722_01.09.2010_04-16drv;c:\windows\system32\drivers\4255546.sys [9/1/2010 11:53 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2011 5:28 AM 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/24/2011 5:58 PM 2214504]
R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [8/22/2011 8:50 PM 28416]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8/2/2010 4:19 PM 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8/2/2010 4:19 PM 20864]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8/2/2010 4:19 PM 19968]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8/2/2010 4:19 PM 24960]
R3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/9/2011 6:35 PM 31312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/13/2010 10:02 AM 119528]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/9/2011 6:40 PM 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Tcpz-x86;Tcpz-x86;\??\c:\tcpz-x86.sys --> c:\Tcpz-x86.sys [?]
S2 uolraw;Network Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 6:56 AM 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 9:56 AM 1684736]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [8/2/2010 4:19 PM 23040]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [8/2/2010 4:19 PM 22272]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [8/2/2010 4:19 PM 27776]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [8/2/2010 4:19 PM 66816]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\dragon age\bin_ship\daupdatersvc.service.exe [12/16/2009 4:07 AM 25832]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 8:11 AM 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:07 AM 41272]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [8/22/2011 8:50 PM 13359]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S4 MSUpdqqtewsz;Microwsoft Windows Uqdatexhk Service;c:\program files\pwdlsc.exe --> c:\program files\pwdlsc.exe [?]
S4 MSUpdqtesqi;Microsoft Windows Uqdatejtk Service;c:\program files\icymys.exe --> c:\program files\icymys.exe [?]
S4 WamlSvc;Windows Infomation Location;c:\windows\system32\tcpwamllib.exe [8/23/2011 2:46 AM 92160]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uolraw
nex0
nex1
nex2
nex3
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15161&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 202.8.224.36 202.8.224.39
TCP: Interfaces\{56E4BDAE-AFFC-4749-8E1C-5F2C133402B6}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D033C36-3894-4E86-818D-2D141154C4BF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8BE85404-7DE2-4429-A5FE-C0B39B413BB3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 22:39
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1056)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1112)
c:\windows\system32\guard32.dll
.
Completion time: 2011-08-23 22:41:47
ComboFix-quarantined-files.txt 2011-08-23 14:41
ComboFix2.txt 2011-08-23 13:20
ComboFix3.txt 2011-08-23 10:42
ComboFix4.txt 2011-08-22 22:49
ComboFix5.txt 2011-08-23 14:25
.
Pre-Run: 3,770,253,312 bytes free
Post-Run: 3,737,776,128 bytes free
.
- - End Of File - - E0C6DF050C539A6DEE0CD89D987D8778

#4
mjhermano

Gmer log file, this took quite a while. Had to edit it by removing spaces.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-24 03:38:45
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T1L0-e ST31000528AS rev.CC38
Running: gmer.exe; Driver: C:\DOCUME~1\MJ\LOCALS~1\Temp\kgkdqfob.sys


---- System - GMER 1.0.15 ----

SSDT ; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB149E8B2]
SSDT; B87E7344; ZwClose
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB149DE48]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB149E518]
SSDT; B87E72FE; ZwCreateKey
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB149DD28]
SSDT; B87E734E; ZwCreateSection
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB14A1568]
SSDT; B87E72F4; ZwCreateThread
SSDT; B87E7303; ZwDeleteKey
SSDT; B87E730D; ZwDeleteValueKey
SSDT; B87E733F; ZwDuplicateObject
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateKey [0xB149F864]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwEnumerateValueKey [0xB149FABA]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB14A0BF0]
SSDT; B87E7312; ZwLoadKey
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB149E110]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB149E6F4]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenKey [0xB149F116]
SSDT; B87E72E0; ZwOpenProcess
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB149E3B4]
SSDT; B87E72E5; ZwOpenThread
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryKey [0xB149FCC8]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryMultipleValueKey [0xB14A011C]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwQueryValueKey [0xB149FEDA]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB149F67C]
SSDT; B87E731C; ZwReplaceKey
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB14A068C]
SSDT; B87E7317; ZwRestoreKey
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB14A0940]
SSDT; B87E7353; ZwSetContextThread
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSecurityObject [0xB149EEEE]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB14A0EE8]
SSDT; B87E7308; ZwSetValueKey
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB149E07A]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB149E2A0]
SSDT; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB12BD640]
SSDT; \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB149D918]

Code; \??\C:\DOCUME~1\MJ\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text; ntkrnlpa.exe!ZwCallbackReturn + 2BC4 80503998 4 Bytes CALL B424EAE6
.text; ntkrnlpa.exe!ZwCallbackReturn + 2F58 80503D2C 4 Bytes CALL A701873F
?; brxi.sys; The system cannot find the file specified. !
.text; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB629A3A0, 0x88C445, 0xE8000020]
.text; C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xAF68D400, 0x7960C, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAF72F420] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xAF72F420]
.protect˙˙˙˙hardlockunknown last code section [0xAF72F200, 0x5049, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xAF72F200, 0x5049, 0xE0000020]
?; C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
?; C:\DOCUME~1\MJ\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe[192] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] shell32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] shell32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] shell32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\PowerISO\PWRISOVM.EXE[208] shell32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE[252] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\sched.exe[612] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\wuauclt.exe[688] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[708] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Java\jre6\bin\jqs.exe[720] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe[952] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtReplyWaitReceivePort 7C90DA8E 5 Bytes JMP 10028AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtReplyWaitReceivePortEx 7C90DA9E 5 Bytes JMP 10028870 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\services.exe[1100] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\lsass.exe[1112] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avguard.exe[1280] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\ctfmon.exe[1380] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avshadow.exe[1404] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO livePCsupport\CLPSLS.exe[1548] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\tsnp2uvc.exe[1700] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE[1728] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Bonjour\mDNSResponder.exe[1760] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1772] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 005166A0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe[1772] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 0052E5C0 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[1804] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
#5
mjhermano
GMER Log. Part 2

.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Nitro PDF\Professional\NitroPDFDriverService.exe[2152] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\NLSSRV32.EXE[2196] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\nvsvc32.exe[2208] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Avira\AntiVir Desktop\avgnt.exe[2216] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe[2628] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\system32\svchost.exe[2664] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2740] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe[2932] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] WS2_32.dll!WSASocketW 71AB39CB 7 Bytes JMP 10027970 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] WS2_32.dll!WSASocketA 71AB8769 5 Bytes JMP 10027990 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe[4004] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\notepad.exe[5960] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] shell32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] shell32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] shell32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Desktop\gmer.exe[6580] shell32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] WININET.dll!InternetConnectA 771C308A 5 Bytes JMP 100279D0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\WINDOWS\explorer.exe[6808] WININET.dll!InternetConnectW 771CEDC8 5 Bytes JMP 100279B0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 00, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 1 Byte [28]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 03, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 00, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 01, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B90EC1A
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 02, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 01, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 02, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B90EC8B
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 00, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B90EDB9
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 01, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 02, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 1 Byte [68]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 03, 16, 00]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7680] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 7 Bytes JMP 100277A0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Documents and Settings\MJ\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[7800] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtAllocateVirtualMemory 7C90CF6E 5 Bytes JMP 10027E50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 1001CE40 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtCreateFile 7C90D0AE 5 Bytes JMP 10027E10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtCreateProcess 7C90D14E 5 Bytes JMP 10027ED0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtCreateProcessEx 7C90D15E 5 Bytes JMP 10027EB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtDeleteFile 7C90D23E 5 Bytes JMP 10027E70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtFreeVirtualMemory 7C90D38E 5 Bytes JMP 100274E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtLoadDriver 7C90D46E 5 Bytes JMP 10027E30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtOpenFile 7C90D59E 5 Bytes JMP 10027DF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 10027490 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtSetInformationProcess 7C90DC9E 5 Bytes JMP 10027DB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtUnloadDriver 7C90DEBE 5 Bytes JMP 10027DD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 10027E90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!RtlAllocateHeap 7C9100C4 5 Bytes JMP 10027530 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 10025680 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!LdrUnloadDll 7C916C83 5 Bytes JMP 1001CF60 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ntdll.dll!LdrGetProcedureAddress 7C919328 5 Bytes JMP 10027D90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CreateFileA 7C801A24 5 Bytes JMP 10027CD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 10027A70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!LoadLibraryExW 7C801AF1 7 Bytes JMP 10027D10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!LoadLibraryExA 7C801D4F 5 Bytes JMP 10027D30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!LoadLibraryA 7C801D77 5 Bytes JMP 10027AD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 100226F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 10023280 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!GetProcAddress 7C80ADB0 5 Bytes JMP 10027D70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!LoadLibraryW 7C80AE5B 5 Bytes JMP 10027AB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!GetModuleHandleA 7C80B6B1 5 Bytes JMP 10027B10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!GetModuleHandleW 7C80E44D 5 Bytes JMP 10027AF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CreateFileW 7C810770 5 Bytes JMP 10027CB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileWithProgressW 7C81F73E 5 Bytes JMP 10027B70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileW 7C821271 5 Bytes JMP 10027BF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!OpenFile 7C821992 5 Bytes JMP 10027CF0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CopyFileExW 7C827B42 7 Bytes JMP 10027C30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CopyFileA 7C8286FE 5 Bytes JMP 10027C90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CopyFileW 7C82F88F 5 Bytes JMP 10027C70 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!DeleteFileA 7C831EF5 5 Bytes JMP 10027B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!DeleteFileW 7C831F7B 5 Bytes JMP 10027B30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileExW 7C8356A3 5 Bytes JMP 10027BB0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileA 7C835ED7 5 Bytes JMP 10027C10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileWithProgressA 7C835EF6 5 Bytes JMP 10027B90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!MoveFileExA 7C85D653 5 Bytes JMP 10027BD0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!CopyFileExA 7C85E554 5 Bytes JMP 10027C50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 10027A90 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] kernel32.dll!LoadModule 7C86169E 5 Bytes JMP 10027D50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] USER32.dll!EndTask 77D89C9D 5 Bytes JMP 1002DFA0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ADVAPI32.dll!CreateProcessAsUserW 77DF6285 5 Bytes JMP 10021220 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ADVAPI32.dll!CreateProcessAsUserA 77E109B0 5 Bytes JMP 10021B50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ole32.dll!CoCreateInstanceEx 77525FB1 5 Bytes JMP 1002E420 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] ole32.dll!CoGetClassObject 7753F356 5 Bytes JMP 1002E1E0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] SHELL32.dll!ShellExecuteExW 7CA01823 5 Bytes JMP 100279F0 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] SHELL32.dll!ShellExecuteEx 7CA40C15 5 Bytes JMP 10027A10 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] SHELL32.dll!ShellExecuteA 7CA40F40 5 Bytes JMP 10027A50 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)
.text; C:\Program Files\7-Zip\7zFM.exe[7904] SHELL32.dll!ShellExecuteW 7CAB4FD0 5 Bytes JMP 10027A30 C:\WINDOWS\system32\guard32.dll (COMODO Internet Security/COMODO)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)
AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Internet Security Helper Driver/COMODO)

Device; \Driver\aksusb \Device\0000007d AKSCLASS.SYS (Aladdin Class Driver/Aladdin Knowledge Systems Ltd.)

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg; HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00158315a310
Reg; HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x93 0xDF 0xBC ...
Reg; HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\00158315a310 (not active ControlSet)
Reg; HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\[email protected] 0x99 0x93 0xDF 0xBC ...

---- Files - GMER 1.0.15 ----

File; C:\sh1433.exe; 67 bytes
File; C:\WINDOWS\system32\lknvcsctci 0 bytes
File; C:\zy1433.exe; 68 bytes

---- EOF - GMER 1.0.15 ----

#6
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Thanks for posting the Extras.txt log file as well as running the GMER log. I can see that you are definitely infected with something.

Let's get started!

Back-Up Registry
First, we need to back up your registry:
Please go to Start > Run
Paste in the following line:

regedit /e c:\registrybackup.reg

Click OK.
It won't appear to be doing anything; that's normal.
Your mouse pointer may turn to an hourglass for a minute.
Please continue when it no longer shows the hourglass.


NEXT:


OTL Fix

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
    :Services
    :Processes
    KILLALLPROCESSES
    :OTL
    SRV - (uolraw) -- File not found
    SRV - (MSUpdqtesqi) -- File not found
    SRV - (MSUpdqqtewsz) -- File not found
    SRV - (WamlSvc) -- C:\WINDOWS\system32\tcpwamllib.exe ()
    O4 - Startup: C:\Documents and Settings\MJ\Start Menu\Programs\Startup\setup_9.0.0.722_01.09.2010_04-16.lnk = File not found
    [2011/08/23 22:05:17 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex1.exe
    [2011/08/23 22:04:21 | 000,000,055 | ---- | M] () -- C:\WINDOWS\System32\onf1.dat
    [2011/08/23 22:00:26 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\lcuwnf.sys
    [2011/08/23 21:43:05 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\hex123.exe
    [2011/08/23 21:42:28 | 000,000,063 | ---- | M] () -- C:\WINDOWS\System32\onf123.dat
    [2011/08/23 21:37:37 | 000,000,060 | ---- | M] () -- C:\WINDOWS\System32\onfwser.dat
    [2011/08/23 21:01:34 | 000,000,070 | ---- | M] () -- C:\xp1433.exe
    [2011/08/23 20:58:56 | 000,122,672 | ---- | M] () -- C:\WINDOWS\System32\shift.exe
    [2011/08/23 20:58:12 | 000,000,108 | ---- | M] () -- C:\WINDOWS\System32\gouri.bat
    [2011/08/23 20:58:11 | 000,000,083 | ---- | M] () -- C:\WINDOWS\System32\sb.dat
    [2011/08/23 15:31:43 | 002,812,416 | ---- | M] () -- C:\WINDOWS\System32\on360se.exe
    [2011/08/23 15:30:06 | 000,000,061 | ---- | M] () -- C:\WINDOWS\System32\onf360se.dat
    [2011/08/23 11:06:42 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\eeggjjll.exe
    [2011/08/23 10:51:31 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
    [2011/08/23 10:36:25 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\MPPRRTTW.exe
    [2011/08/23 10:32:48 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\qssuuxxz.exe
    [2011/08/23 10:06:24 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAyyvvtt.exe
    [2011/08/23 09:51:46 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\OOMMKKII.exe
    [2011/08/23 09:48:01 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\bddffiik.exe
    [2011/08/23 09:33:05 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ruuwwyyB.exe
    [2011/08/23 09:23:09 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\IILLNNPP.exe
    [2011/08/23 09:22:28 | 000,000,067 | ---- | M] () -- C:\xp360rp.exe
    [2011/08/23 09:03:04 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
    [2011/08/23 08:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\VTTRROOM.exe
    [2011/08/23 08:32:54 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ECCAAxxv.exe
    [2011/08/23 08:18:10 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\AAxxvvtt.exe
    [2011/08/23 08:02:45 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\NKKIIGGD.exe
    [2011/08/23 07:47:51 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\roommkki.exe
    [2011/08/23 07:32:50 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\ppssuuww.exe
    [2011/08/23 07:17:57 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\UXZbegil.exe
    [2011/08/23 07:02:41 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\qsvxzCEG.exe
    [2011/08/23 06:33:56 | 000,130,048 | ---- | M] () -- C:\WINDOWS\System32\KNPRUWYb.exe
    [2011/08/23 05:06:30 | 000,001,991 | ---- | M] () -- C:\WINDOWS\System32\gaibian.com
    [2011/08/23 02:46:01 | 000,092,160 | -HS- | M] () -- C:\WINDOWS\System32\tcpwamllib.exe
    [2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\WINDOWS\System32\TORO_57FD245C.hasp
    [2011/08/22 22:47:44 | 001,482,795 | ---- | M] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
    [2011/08/23 22:05:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex1.exe
    [2011/08/23 22:00:26 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\lcuwnf.sys
    [2011/08/23 21:43:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\hex123.exe
    [2011/08/23 21:37:37 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\onfwser.dat
    [2011/08/23 21:01:34 | 000,000,070 | ---- | C] () -- C:\xp1433.exe
    [2011/08/23 20:58:15 | 000,122,672 | ---- | C] () -- C:\WINDOWS\System32\shift.exe
    [2011/08/23 15:30:11 | 002,812,416 | ---- | C] () -- C:\WINDOWS\System32\on360se.exe
    [2011/08/23 15:30:06 | 000,000,061 | ---- | C] () -- C:\WINDOWS\System32\onf360se.dat
    [2011/08/23 11:06:14 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\eeggjjll.exe
    [2011/08/23 10:51:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\JJMMOOQQ.exe
    [2011/08/23 10:36:10 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\MPPRRTTW.exe
    [2011/08/23 10:21:15 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\qssuuxxz.exe
    [2011/08/23 10:06:08 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAyyvvtt.exe
    [2011/08/23 09:51:18 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\OOMMKKII.exe
    [2011/08/23 09:47:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\bddffiik.exe
    [2011/08/23 09:32:40 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ruuwwyyB.exe
    [2011/08/23 09:17:51 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\IILLNNPP.exe
    [2011/08/23 09:02:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\QSSVVXXZ.exe
    [2011/08/23 08:51:42 | 000,000,067 | ---- | C] () -- C:\xp360rp.exe
    [2011/08/23 08:47:33 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\VTTRROOM.exe
    [2011/08/23 08:32:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ECCAAxxv.exe
    [2011/08/23 08:17:37 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\AAxxvvtt.exe
    [2011/08/23 08:02:34 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\NKKIIGGD.exe
    [2011/08/23 07:47:38 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\roommkki.exe
    [2011/08/23 07:32:31 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\ppssuuww.exe
    [2011/08/23 07:17:32 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\UXZbegil.exe
    [2011/08/23 07:02:30 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\qsvxzCEG.exe
    [2011/08/23 06:33:35 | 000,130,048 | ---- | C] () -- C:\WINDOWS\System32\KNPRUWYb.exe
    [2011/08/23 05:06:23 | 000,001,991 | ---- | C] () -- C:\WINDOWS\System32\gaibian.com
    [2011/08/23 02:46:01 | 000,092,160 | -HS- | C] () -- C:\WINDOWS\System32\tcpwamllib.exe
    [2011/08/22 23:18:59 | 000,000,063 | ---- | C] () -- C:\WINDOWS\System32\onf123.dat
    [2011/08/22 22:43:50 | 001,482,795 | ---- | C] () -- C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp
    [2011/08/12 00:52:04 | 000,000,108 | ---- | C] () -- C:\WINDOWS\System32\gouri.bat
    [2011/08/12 00:52:02 | 000,000,083 | ---- | C] () -- C:\WINDOWS\System32\sb.dat
    [2011/08/11 23:54:19 | 000,000,055 | ---- | C] () -- C:\WINDOWS\System32\onf1.dat
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9277:TCP"=-
    :Files
    dir /s /a "C:\WINDOWS\System32\i2383" /c
    dir /s /a "C:\WINDOWS\System32\i8291" /c
    dir /s /a "C:\WINDOWS\System32\i7469" /c
    dir /s /a "C:\WINDOWS\System32\i7384" /c
    dir /s /a "C:\WINDOWS\System32\i6926" /c
    dir /s /a "C:\WINDOWS\System32\i5526" /c
    dir /s /a "C:\WINDOWS\System32\i5169" /c
    dir /s /a "C:\WINDOWS\System32\i6949" /c
    dir /s /a "C:\WINDOWS\System32\i3677" /c
    dir /s /a "C:\WINDOWS\System32\i6521" /c
    dir /s /a "C:\WINDOWS\System32\i8042" /c
    dir /s /a "C:\WINDOWS\System32\i7242" /c
    dir /s /a "C:\WINDOWS\System32\i4022" /c
    echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
    ipconfig /flushdns /c
    :Commands
    [purity]
    [resethosts]
    [CreateRestorePoint]
    [EMPTYFLASH]
    
  • Push Run Fix
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


#7
mjhermano

    Member

  • Topic Starter
  • Member
  • 14 posts
Hello, thanks again.

Here's the log:

I didn't remove one file (The TORO*.hasp one in my system32 directory) because it's used for one of my drivers. I've been using it for years. I hope that's okay.

========== SERVICES/DRIVERS ==========
========== PROCESSES ==========
All processes killed
========== OTL ==========
Service uolraw stopped successfully!
Service uolraw deleted successfully!
File File not found not found.
Service MSUpdqtesqi stopped successfully!
Service MSUpdqtesqi deleted successfully!
File File not found not found.
Service MSUpdqqtewsz stopped successfully!
Service MSUpdqqtewsz deleted successfully!
File File not found not found.
Service WamlSvc stopped successfully!
Service WamlSvc deleted successfully!
C:\WINDOWS\system32\tcpwamllib.exe moved successfully.
C:\Documents and Settings\MJ\Start Menu\Programs\Startup\setup_9.0.0.722_01.09.2010_04-16.lnk moved successfully.
File C:\WINDOWS\System32\hex1.exe not found.
C:\WINDOWS\system32\onf1.dat moved successfully.
File C:\WINDOWS\System32\drivers\lcuwnf.sys not found.
File C:\WINDOWS\System32\hex123.exe not found.
C:\WINDOWS\system32\onf123.dat moved successfully.
C:\WINDOWS\system32\onfwser.dat moved successfully.
C:\xp1433.exe moved successfully.
C:\WINDOWS\system32\shift.exe moved successfully.
C:\WINDOWS\system32\gouri.bat moved successfully.
C:\WINDOWS\system32\sb.dat moved successfully.
C:\WINDOWS\system32\on360se.exe moved successfully.
C:\WINDOWS\system32\onf360se.dat moved successfully.
C:\WINDOWS\system32\eeggjjll.exe moved successfully.
C:\WINDOWS\system32\JJMMOOQQ.exe moved successfully.
C:\WINDOWS\system32\MPPRRTTW.exe moved successfully.
C:\WINDOWS\system32\qssuuxxz.exe moved successfully.
C:\WINDOWS\system32\AAyyvvtt.exe moved successfully.
C:\WINDOWS\system32\OOMMKKII.exe moved successfully.
C:\WINDOWS\system32\bddffiik.exe moved successfully.
C:\WINDOWS\system32\ruuwwyyB.exe moved successfully.
C:\WINDOWS\system32\IILLNNPP.exe moved successfully.
C:\xp360rp.exe moved successfully.
C:\WINDOWS\system32\QSSVVXXZ.exe moved successfully.
C:\WINDOWS\system32\VTTRROOM.exe moved successfully.
C:\WINDOWS\system32\ECCAAxxv.exe moved successfully.
C:\WINDOWS\system32\AAxxvvtt.exe moved successfully.
C:\WINDOWS\system32\NKKIIGGD.exe moved successfully.
C:\WINDOWS\system32\roommkki.exe moved successfully.
C:\WINDOWS\system32\ppssuuww.exe moved successfully.
C:\WINDOWS\system32\UXZbegil.exe moved successfully.
C:\WINDOWS\system32\qsvxzCEG.exe moved successfully.
C:\WINDOWS\system32\KNPRUWYb.exe moved successfully.
C:\WINDOWS\system32\gaibian.com moved successfully.
File C:\WINDOWS\System32\tcpwamllib.exe not found.
C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp moved successfully.
File C:\WINDOWS\System32\hex1.exe not found.
File C:\WINDOWS\System32\drivers\lcuwnf.sys not found.
File C:\WINDOWS\System32\hex123.exe not found.
File C:\WINDOWS\System32\onfwser.dat not found.
File C:\xp1433.exe not found.
File C:\WINDOWS\System32\shift.exe not found.
File C:\WINDOWS\System32\on360se.exe not found.
File C:\WINDOWS\System32\onf360se.dat not found.
File C:\WINDOWS\System32\eeggjjll.exe not found.
File C:\WINDOWS\System32\JJMMOOQQ.exe not found.
File C:\WINDOWS\System32\MPPRRTTW.exe not found.
File C:\WINDOWS\System32\qssuuxxz.exe not found.
File C:\WINDOWS\System32\AAyyvvtt.exe not found.
File C:\WINDOWS\System32\OOMMKKII.exe not found.
File C:\WINDOWS\System32\bddffiik.exe not found.
File C:\WINDOWS\System32\ruuwwyyB.exe not found.
File C:\WINDOWS\System32\IILLNNPP.exe not found.
File C:\WINDOWS\System32\QSSVVXXZ.exe not found.
File C:\xp360rp.exe not found.
File C:\WINDOWS\System32\VTTRROOM.exe not found.
File C:\WINDOWS\System32\ECCAAxxv.exe not found.
File C:\WINDOWS\System32\AAxxvvtt.exe not found.
File C:\WINDOWS\System32\NKKIIGGD.exe not found.
File C:\WINDOWS\System32\roommkki.exe not found.
File C:\WINDOWS\System32\ppssuuww.exe not found.
File C:\WINDOWS\System32\UXZbegil.exe not found.
File C:\WINDOWS\System32\qsvxzCEG.exe not found.
File C:\WINDOWS\System32\KNPRUWYb.exe not found.
File C:\WINDOWS\System32\gaibian.com not found.
File C:\WINDOWS\System32\tcpwamllib.exe not found.
File C:\WINDOWS\System32\onf123.dat not found.
File C:\Documents and Settings\MJ\Desktop\TORO_57FD245C.hasp not found.
File C:\WINDOWS\System32\gouri.bat not found.
File C:\WINDOWS\System32\sb.dat not found.
File C:\WINDOWS\System32\onf1.dat not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\9277:TCP deleted successfully.
========== FILES ==========
< dir /s /a "C:\WINDOWS\System32\i2383" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i2383
08/23/2011 12:52 PM <DIR> .
08/23/2011 12:52 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i8291" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i8291
08/23/2011 03:45 PM <DIR> .
08/23/2011 03:45 PM <DIR> ..
08/23/2011 09:18 AM 37,960 A22.exe
08/23/2011 09:22 AM 78 D.bat
08/23/2011 09:21 AM 18,980 D001.exe
3 File(s) 57,018 bytes
Total Files Listed:
3 File(s) 57,018 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i7469" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i7469
08/23/2011 03:45 PM <DIR> .
08/23/2011 03:45 PM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i7384" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i7384
08/23/2011 07:50 AM <DIR> .
08/23/2011 07:50 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i6926" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i6926
08/23/2011 07:20 AM <DIR> .
08/23/2011 07:20 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i5526" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i5526
08/23/2011 07:05 AM <DIR> .
08/23/2011 07:05 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i5169" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i5169
08/23/2011 06:22 AM <DIR> .
08/23/2011 06:22 AM <DIR> ..
08/23/2011 06:22 AM 0 A22.exe
1 File(s) 0 bytes
Total Files Listed:
1 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i6949" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i6949
08/23/2011 03:34 AM <DIR> .
08/23/2011 03:34 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i3677" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i3677
08/23/2011 03:10 AM <DIR> .
08/23/2011 03:10 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i6521" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i6521
08/23/2011 02:46 AM <DIR> .
08/23/2011 02:46 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i8042" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i8042
08/23/2011 01:20 AM <DIR> .
08/23/2011 01:20 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i7242" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i7242
08/23/2011 01:09 AM <DIR> .
08/23/2011 01:09 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< dir /s /a "C:\WINDOWS\System32\i4022" /c >
Volume in drive C has no label.
Volume Serial Number is C40F-2261
Directory of C:\WINDOWS\System32\i4022
08/12/2011 12:29 AM <DIR> .
08/12/2011 12:29 AM <DIR> ..
0 File(s) 0 bytes
Total Files Listed:
0 File(s) 0 bytes
2 Dir(s) 3,580,280,832 bytes free
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c >
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\MJ\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Restore point Set: OTL Restore Point (0)

[EMPTYFLASH]

User: Administrator

User: All Users

User: Default User

User: Irving
->Flash cache emptied: 3489 bytes

User: LocalService

User: MJ
->Flash cache emptied: 52570315 bytes

User: NetworkService

User: UpdatusUser

Total Flash Files Cleaned = 50.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08242011_042955

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

#8
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

"I didn't remove one file (The TORO*.hasp one in my system32 directory) because it's used for one of my drivers. I've been using it for years. I hope that's okay."

Okay, I was removing it because it was very suspicious.

Please delete the current copy of ComboFix from your desktop and download a new copy from the link(s) provided below.

Running ComboFix
Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

Note: If AVG or CA Internet Security Suite is installed, you must remove these programs before using Combofix. If for some reason these applications will not uninstall, try uninstalling with AppRemover by Opswat.
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.


#9
mjhermano

    Member

  • Topic Starter
  • Member
  • 14 posts
Thanks for the quick response. Here's the Combofix log:


ComboFix 11-08-23.06 - MJ 08/24/2011 5:01.6.4 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1381 [GMT 8:00]
Running from: c:\documents and settings\MJ\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Storm
c:\windows\system32\cs.exe
c:\windows\system32\hex1433.exe
c:\windows\system32\m.exe
c:\windows\system32\p.exe
c:\windows\system32\ps.exe
c:\windows\system32\sh1433.exe
c:\windows\system32\SMS.EXE
c:\windows\system32\xp1433.exe
c:\windows\system32\zy1.exe
c:\windows\system32\zy1433.exe
c:\windows\winsys.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-23 20:26 . 2011-08-23 20:26 119446862 ----a-w- C:\registrybackup.reg
2011-08-23 20:05 . 2011-08-23 20:05 68 ----a-w- c:\documents and settings\zy1.exe
2011-08-23 19:24 . 2011-08-23 19:24 0 ----a-w- c:\documents and settings\hex1433.exe
2011-08-23 17:01 . 2011-08-23 19:33 266 ----a-w- C:\360.vbs
2011-08-23 17:01 . 2011-08-23 19:12 212 ----a-w- c:\windows\system32\sb.bat
2011-08-23 17:00 . 2004-08-03 22:56 42496 ----a-w- c:\windows\system32\spp.exe
2011-08-23 17:00 . 2001-08-23 11:00 18432 ----a-w- c:\windows\system32\60hack.exe
2011-08-23 17:00 . 2001-08-23 11:00 16896 ----a-w- c:\windows\system32\tffp.exe
2011-08-23 17:00 . 2004-08-03 22:56 42496 ----a-w- c:\windows\system32\fpp.exe
2011-08-23 17:00 . 2001-08-23 11:00 18432 ----a-w- c:\windows\system32\cpp.exe
2011-08-23 15:55 . 2011-08-23 16:28 -------- d-----w- c:\windows\system32\i6044
2011-08-23 15:51 . 2011-08-23 15:51 236032 ----a-w- C:\hex1433.exe
2011-08-23 15:49 . 2001-08-23 11:00 18432 ----a-w- c:\windows\system32\wbem\gaibian.exe
2011-08-23 15:44 . 2011-08-23 15:44 68 ----a-w- C:\zy1433.exe
2011-08-23 15:44 . 2011-08-23 15:44 67 ----a-w- C:\sh1433.exe
2011-08-23 15:39 . 2011-08-23 16:13 -------- d-----w- c:\windows\system32\i1734
2011-08-23 15:11 . 2011-08-23 20:06 32256 ----a-w- c:\windows\system32\winghost.exe
2011-08-23 15:11 . 2011-08-23 15:57 200704 ----a-w- c:\windows\system32\st1.exe
2011-08-23 15:09 . 2011-08-23 15:28 -------- d-----w- c:\windows\system32\i1952
2011-08-23 14:54 . 2011-08-23 14:57 -------- d-----w- c:\windows\system32\i5165
2011-08-23 14:17 . 2011-08-23 14:19 -------- d-----w- c:\windows\system32\i9041
2011-08-23 14:10 . 2011-08-23 14:12 -------- d-----w- c:\windows\system32\i4080
2011-08-23 13:59 . 2011-08-23 14:01 -------- d-----w- c:\windows\system32\i6474
2011-08-23 13:43 . 2011-08-23 13:43 0 ----a-w- c:\documents and settings\hex123.exe
2011-08-23 13:37 . 2011-08-23 13:37 1460 ----a-w- c:\documents and settings\onwser.exe
2011-08-23 12:23 . 2011-08-23 12:23 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 12:22 . 2011-08-23 12:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-23 11:51 . 2011-08-23 11:54 -------- d-----w- c:\windows\system32\i6231
2011-08-23 11:38 . 2011-08-23 11:38 -------- d-----w- c:\documents and settings\MJ\Application Data\SUPERAntiSpyware.com
2011-08-23 11:37 . 2011-08-23 11:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-23 11:37 . 2011-08-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-23 11:19 . 2011-08-23 11:19 53248 ----a-w- c:\documents and settings\hex1.exe
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- C:\_OTL
2011-08-23 04:51 . 2011-08-23 04:52 -------- d-----w- c:\windows\system32\i2383
2011-08-23 03:13 . 2011-08-23 03:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-08-23 01:15 . 2011-08-23 07:45 -------- d-----w- c:\windows\system32\i8291
2011-08-23 00:04 . 2011-08-23 07:45 -------- d-----w- c:\windows\system32\i7469
2011-08-22 23:49 . 2011-08-22 23:50 -------- d-----w- c:\windows\system32\i7384
2011-08-22 23:19 . 2011-08-22 23:20 -------- d-----w- c:\windows\system32\i6926
2011-08-22 23:04 . 2011-08-22 23:05 -------- d-----w- c:\windows\system32\i5526
2011-08-22 22:21 . 2011-08-22 22:22 -------- d-----w- c:\windows\system32\i5169
2011-08-22 19:45 . 2011-08-22 19:45 -------- d-----w- c:\documents and settings\MJ\DoctorWeb
2011-08-22 19:32 . 2011-08-22 19:34 -------- d-----w- c:\windows\system32\i6949
2011-08-22 19:08 . 2011-08-22 19:10 -------- d-----w- c:\windows\system32\i3677
2011-08-22 18:53 . 2011-08-22 18:53 -------- d-----w- C:\VundoFix Backups
2011-08-22 18:45 . 2011-08-22 18:46 -------- d-----w- c:\windows\system32\i6521
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\MJ\Application Data\Malwarebytes
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 18:06 . 2011-08-22 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 18:06 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 17:16 . 2011-08-22 17:20 -------- d-----w- c:\windows\system32\i8042
2011-08-22 16:26 . 2011-08-22 17:09 -------- d-----w- c:\windows\system32\i7242
2011-08-22 12:50 . 2011-08-22 14:06 -------- d-----w- C:\Clipart
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
2011-08-22 12:50 . 2001-01-19 07:21 28416 ----a-w- c:\windows\system32\drivers\WNTPPORT.SYS
2011-08-22 12:50 . 2000-05-03 09:26 244232 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-08-22 12:50 . 1999-05-06 16:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-22 12:50 . 1998-10-29 08:58 20644 ----a-w- c:\windows\system32\EMTRANS.VXD
2011-08-22 12:50 . 1997-01-21 10:16 133392 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-08-15 05:15 . 2011-08-15 05:15 -------- d-----w- c:\documents and settings\MJ\Application Data\FVDToolbar
2011-08-11 21:42 . 2011-08-11 21:42 -------- d-----w- c:\documents and settings\MJ\Application Data\Avira
2011-08-11 21:28 . 2011-07-21 04:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-11 21:28 . 2011-07-21 04:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 21:28 . 2010-06-17 07:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-11 21:28 . 2010-06-17 07:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\program files\Avira
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-11 21:24 . 2011-08-11 21:24 -------- d-----w- C:\Avira
2011-08-11 18:39 . 2011-08-11 18:39 0 ----a-w- c:\windows\system32\mcsql.vbs
2011-08-11 16:27 . 2011-08-11 16:29 -------- d-----w- c:\windows\system32\i4022
2011-07-31 22:14 . 2011-07-31 22:16 -------- d-----w- c:\documents and settings\MJ\Local Settings\Application Data\FVD Suite
2011-07-31 04:16 . 2011-07-31 04:57 -------- d-----w- c:\documents and settings\Irving\Local Settings\Application Data\FVD Suite
2011-07-31 04:13 . 2011-08-15 05:15 -------- d--h--w- c:\program files\FVD Suite
2011-07-25 01:46 . 2011-08-10 03:36 -------- d-----w- c:\documents and settings\MJ\Local Settings\Application Data\The Witcher
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:22 . 2010-05-24 13:31 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-22 12:26 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP4dd1.tmp
2011-08-22 12:17 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP46bd.tmp
2011-07-05 16:36 . 2011-07-05 16:36 9216 ----a-r- c:\documents and settings\MJ\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-08-18 06:01 . 2011-03-23 22:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-23 20:41 . 2011-08-23 20:41 16384 c:\windows\temp\Perflib_Perfdata_688.dat
+ 2011-08-23 20:41 . 2011-08-23 20:41 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2011-08-23 01:18 . 2011-08-23 01:21 18980 c:\windows\system32\i8291\D001.exe
+ 2011-08-23 01:15 . 2011-08-23 01:18 37960 c:\windows\system32\i8291\A22.exe
+ 2011-08-23 15:56 . 2011-08-23 15:56 64512 c:\windows\system32\i6044\H002.exe
+ 2011-08-23 15:55 . 2011-08-23 15:56 45609 c:\windows\system32\i6044\H001.exe
+ 2011-08-23 15:55 . 2011-08-23 15:55 42496 c:\windows\system32\i6044\G001.exe
+ 2011-08-23 15:55 . 2011-08-23 15:55 45056 c:\windows\system32\i6044\F001.exe
+ 2011-08-23 15:11 . 2011-08-23 15:11 64512 c:\windows\system32\i1952\H002.exe
+ 2011-08-23 15:10 . 2011-08-23 15:10 54820 c:\windows\system32\i1952\G001.exe
+ 2011-08-23 15:10 . 2011-08-23 15:10 45056 c:\windows\system32\i1952\F001.exe
+ 2011-08-23 15:40 . 2011-08-23 15:41 64512 c:\windows\system32\i1734\H002.exe
+ 2011-08-23 15:40 . 2011-08-23 15:40 45609 c:\windows\system32\i1734\H001.exe
+ 2011-08-23 15:40 . 2011-08-23 15:40 42496 c:\windows\system32\i1734\G001.exe
+ 2011-08-23 15:40 . 2011-08-23 15:40 45056 c:\windows\system32\i1734\F001.exe
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-23 12:22 . 2011-08-23 12:22 157472 c:\windows\system32\javaws.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\javaw.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\javaw.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\java.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\java.exe
+ 2011-08-23 15:56 . 2011-08-23 15:56 121019 c:\windows\system32\i6044\JBSB.exe
+ 2011-08-23 15:56 . 2011-08-23 15:56 106496 c:\windows\system32\i6044\JATE.exe
+ 2011-08-23 15:55 . 2011-08-23 15:55 135456 c:\windows\system32\i6044\D001.exe
+ 2011-08-23 15:55 . 2011-08-23 15:55 172032 c:\windows\system32\i6044\A22.exe
+ 2011-08-23 15:11 . 2011-08-23 15:11 121019 c:\windows\system32\i1952\JBSB.exe
+ 2011-08-23 15:11 . 2011-08-23 15:11 106496 c:\windows\system32\i1952\JATE.exe
+ 2011-08-23 15:10 . 2011-08-23 15:10 135456 c:\windows\system32\i1952\D001.exe
+ 2011-08-23 15:41 . 2011-08-23 15:41 121019 c:\windows\system32\i1734\JBSB.exe
+ 2011-08-23 15:41 . 2011-08-23 15:41 106496 c:\windows\system32\i1734\JATE.exe
+ 2011-08-23 15:40 . 2011-08-23 15:40 135456 c:\windows\system32\i1734\D001.exe
+ 2011-08-23 15:40 . 2011-08-23 15:40 172032 c:\windows\system32\i1734\A22.exe
+ 2011-08-23 12:23 . 2011-08-23 12:23 203776 c:\windows\Installer\749179.msi
+ 2011-08-23 12:22 . 2011-08-23 12:22 902656 c:\windows\Installer\749171.msi
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\sethc.exe
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\dllcache\sethc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-27 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-9 477736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-18 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"k:\\Dragon Age\\bin_ship\\daorigins.exe"=
"k:\\Dragon Age\\DAOriginsLauncher.exe"=
"k:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 42555462;42555462 Boot Guard Driver;c:\windows\system32\drivers\42555462.sys [9/1/2010 11:53 AM 37392]
R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [5/13/2010 8:12 AM 484352]
R1 42555461;42555461;c:\windows\system32\drivers\42555461.sys [9/1/2010 11:53 AM 128016]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R1 setup_9.0.0.722_01.09.2010_04-16drv;setup_9.0.0.722_01.09.2010_04-16drv;c:\windows\system32\drivers\4255546.sys [9/1/2010 11:53 AM 315408]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2011 5:28 AM 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/24/2011 5:58 PM 2214504]
R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [8/22/2011 8:50 PM 28416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/13/2010 10:02 AM 119528]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/9/2011 6:40 PM 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Tcpz-x86;Tcpz-x86;\??\c:\tcpz-x86.sys --> c:\Tcpz-x86.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 9:56 AM 1684736]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8/2/2010 4:19 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8/2/2010 4:19 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8/2/2010 4:19 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8/2/2010 4:19 PM 24960]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [8/2/2010 4:19 PM 23040]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [8/2/2010 4:19 PM 22272]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [8/2/2010 4:19 PM 27776]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [8/2/2010 4:19 PM 66816]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/9/2011 6:35 PM 31312]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\dragon age\bin_ship\daupdatersvc.service.exe [12/16/2009 4:07 AM 25832]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 8:11 AM 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:07 AM 41272]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [8/22/2011 8:50 PM 13359]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
xcvs REG_MULTI_SZ xcvs
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
uolraw
nex0
nex1
nex2
nex3
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15161&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 202.8.224.36 202.8.224.39
TCP: Interfaces\{56E4BDAE-AFFC-4749-8E1C-5F2C133402B6}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D033C36-3894-4E86-818D-2D141154C4BF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8BE85404-7DE2-4429-A5FE-C0B39B413BB3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 05:10
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1052)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1108)
c:\windows\system32\guard32.dll
.
Completion time: 2011-08-24 05:12:37
ComboFix-quarantined-files.txt 2011-08-23 21:12
ComboFix2.txt 2011-08-23 14:41
ComboFix3.txt 2011-08-23 13:20
ComboFix4.txt 2011-08-23 10:42
ComboFix5.txt 2011-08-23 20:58
.
Pre-Run: 4,488,638,464 bytes free
Post-Run: 4,465,430,528 bytes free
.
- - End Of File - - 18B7A95F127A5912BA045402F55F4B35
  • 0

#10
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\documents and settings\zy1.exe
c:\documents and settings\hex1433.exe
C:\360.vbs
c:\windows\system32\sb.bat
c:\windows\system32\spp.exe
c:\windows\system32\60hack.exe
c:\windows\system32\tffp.exe
c:\windows\system32\fpp.exe
c:\windows\system32\cpp.exe
C:\hex1433.exe
c:\windows\system32\wbem\gaibian.exe
C:\zy1433.exe
C:\sh1433.exe
c:\windows\system32\winghost.exe
c:\windows\system32\st1.exe
c:\documents and settings\hex123.exe
c:\documents and settings\onwser.exe
c:\documents and settings\hex1.exe
c:\windows\system32\drivers\42555462.sys
c:\windows\system32\drivers\42555461.sys
c:\windows\system32\drivers\4255546.sys
c:\windows\system32\i8291\D001.exe
c:\windows\system32\i8291\A22.exe
c:\windows\system32\i6044\H002.exe
c:\windows\system32\i6044\H001.exe
c:\windows\system32\i6044\G001.exe
c:\windows\system32\i6044\F001.exe
c:\windows\system32\i1952\H002.exe
c:\windows\system32\i1952\G001.exe
c:\windows\system32\i1952\F001.exe
c:\windows\system32\i1734\H002.exe
c:\windows\system32\i1734\H001.exe
c:\windows\system32\i1734\G001.exe
c:\windows\system32\i1734\F001.exe
c:\windows\system32\i6044\JBSB.exe
c:\windows\system32\i6044\JATE.exe
c:\windows\system32\i6044\D001.exe
c:\windows\system32\i6044\A22.exe
c:\windows\system32\i1952\JBSB.exe
c:\windows\system32\i1952\JATE.exe
c:\windows\system32\i1952\D001.exe
c:\windows\system32\i1734\JBSB.exe
c:\windows\system32\i1734\JATE.exe
c:\windows\system32\i1734\D001.exe
c:\windows\system32\i1734\A22.exe

Folder::
c:\windows\system32\i6044
c:\windows\system32\i1734
c:\windows\system32\i1952
c:\windows\system32\i5165
c:\windows\system32\i9041
c:\windows\system32\i4080
c:\windows\system32\i6474
c:\windows\system32\i6231
c:\windows\system32\i2383
c:\windows\system32\i8291
c:\windows\system32\i7469
c:\windows\system32\i7384
c:\windows\system32\i6926
c:\windows\system32\i5526
c:\windows\system32\i5169
c:\windows\system32\i6949
c:\windows\system32\i3677
c:\windows\system32\i6521
c:\windows\system32\i8042
c:\windows\system32\i7242
c:\windows\system32\i4022

Driver::
42555462
42555461
setup_9.0.0.722_01.09.2010_04-16drv

NetSvc::
uolraw
nex0
nex1
nex2
nex3

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
  • 0
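How the "Files Created" listing can be triaged before anything is put into a removal script like the one above, as an added example that is not part of the original thread or of ComboFix. The function names, the three heuristics and their thresholds are assumptions drawn from patterns visible in this log; a hit means "review this entry", not "this is malware".

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Lines copied from the "Files Created" section of the ComboFix log in this thread.
SAMPLE_LOG = r"""
2011-08-23 20:05 . 2011-08-23 20:05 68 ----a-w- c:\documents and settings\zy1.exe
2011-08-23 19:24 . 2011-08-23 19:24 0 ----a-w- c:\documents and settings\hex1433.exe
2011-08-23 17:00 . 2004-08-03 22:56 42496 ----a-w- c:\windows\system32\spp.exe
2011-08-23 15:55 . 2011-08-23 16:28 -------- d-----w- c:\windows\system32\i6044
2011-08-23 15:51 . 2011-08-23 15:51 236032 ----a-w- C:\hex1433.exe
2011-08-23 12:22 . 2011-08-23 12:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
"""

# Layout: created . modified size attributes path  (size is "--------" for folders)
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\d+|-{8}) (\S{8}) (.+)$"
)
STAMP = "%Y-%m-%d %H:%M"

SYSTEM32 = PureWindowsPath(r"c:\windows\system32")
# Places where a loose .exe is unusual (assumption for this example).
LOOSE_DIRS = (PureWindowsPath("c:\\"), PureWindowsPath(r"c:\documents and settings"))
MIN_EXE_BYTES = 1024               # assumed floor for a plausible executable
MAX_AGE_GAP = timedelta(days=365)  # assumed gap between modified and created


def parse_entries(text):
    """Parse 'Files Created' lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        created, modified, size, attrs, path = m.groups()
        entries.append({
            "created": datetime.strptime(created, STAMP),
            "modified": datetime.strptime(modified, STAMP),
            "size": None if size == "--------" else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path.strip(),
        })
    return entries


def triage(entries):
    """Return [(path, [reasons])] for entries that deserve a closer look."""
    flagged = []
    for e in entries:
        p = PureWindowsPath(e["path"])  # comparisons are case-insensitive
        reasons = []
        if e["is_dir"]:
            # The log shows many system32 folders named i6044, i1734, ...
            if p.parent == SYSTEM32 and re.fullmatch(r"i\d{4}", p.name, re.I):
                reasons.append("system32 folder named 'i' plus four digits")
        elif p.suffix.lower() == ".exe":
            if p.parent in LOOSE_DIRS:
                reasons.append("executable loose in drive root or profiles root")
            if e["size"] is not None and e["size"] < MIN_EXE_BYTES:
                reasons.append("implausibly small for an executable")
            # A copied file keeps its old modified time but gets a new creation
            # time, so a large gap suggests an old binary dropped under a new name.
            if e["created"] - e["modified"] > MAX_AGE_GAP:
                reasons.append("modified long before it was created here")
        if reasons:
            flagged.append((e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Installer-dropped drivers such as SYDEXFDD.SYS also carry an old modified time, which is why the timestamp check is limited to .exe files here and why every hit still needs a human decision.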


#11
mjhermano

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Is it normal that ComboFix gets stuck after "completed stage 2" for more than an hour?

I left my PC alone for an hour and it was still at that part and the PC time was an hour late.
  • 0

#12
mjhermano

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Okay, I figured to run it in Safe Mode. Here are the results:


ComboFix 11-08-24.01 - MJ 08/24/2011 15:40:05.10.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1696 [GMT 8:00]
Running from: c:\documents and settings\MJ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MJ\Desktop\cfscript2.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"C:\360.vbs"
"c:\documents and settings\hex1.exe"
"c:\documents and settings\hex123.exe"
"c:\documents and settings\hex1433.exe"
"c:\documents and settings\onwser.exe"
"c:\documents and settings\s1.exe"
"c:\documents and settings\st1.exe"
"c:\documents and settings\zy1.exe"
"C:\hex1433.exe"
"C:\sh1433.exe"
"c:\windows\system32\60hack.exe"
"c:\windows\system32\cpp.exe"
"c:\windows\system32\drivers\4255546.sys"
"c:\windows\system32\drivers\42555461.sys"
"c:\windows\system32\drivers\42555462.sys"
"c:\windows\system32\fpp.exe"
"c:\windows\system32\hex1433.exe"
"c:\windows\system32\i1734\A22.exe"
"c:\windows\system32\i1734\D001.exe"
"c:\windows\system32\i1734\F001.exe"
"c:\windows\system32\i1734\G001.exe"
"c:\windows\system32\i1734\H001.exe"
"c:\windows\system32\i1734\H002.exe"
"c:\windows\system32\i1734\JATE.exe"
"c:\windows\system32\i1734\JBSB.exe"
"c:\windows\system32\i1952\D001.exe"
"c:\windows\system32\i1952\F001.exe"
"c:\windows\system32\i1952\G001.exe"
"c:\windows\system32\i1952\H002.exe"
"c:\windows\system32\i1952\JATE.exe"
"c:\windows\system32\i1952\JBSB.exe"
"c:\windows\system32\i5335\A22.exe"
"c:\windows\system32\i5335\D001.exe"
"c:\windows\system32\i5335\F001.exe"
"c:\windows\system32\i5335\G001.exe"
"c:\windows\system32\i5335\H001.exe"
"c:\windows\system32\i5335\H002.exe"
"c:\windows\system32\i5335\JATE.exe"
"c:\windows\system32\i5335\JBSB.exe"
"c:\windows\system32\i6044\A22.exe"
"c:\windows\system32\i6044\D001.exe"
"c:\windows\system32\i6044\F001.exe"
"c:\windows\system32\i6044\G001.exe"
"c:\windows\system32\i6044\H001.exe"
"c:\windows\system32\i6044\H002.exe"
"c:\windows\system32\i6044\JATE.exe"
"c:\windows\system32\i6044\JBSB.exe"
"c:\windows\system32\i8291\A22.exe"
"c:\windows\system32\i8291\D001.exe"
"c:\windows\system32\sb.bat"
"c:\windows\system32\spp.exe"
"c:\windows\system32\st1.exe"
"c:\windows\system32\tffp.exe"
"c:\windows\system32\wbem\gaibian.exe"
"c:\windows\system32\winghost.exe"
"C:\zy1433.exe"
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\hex1.exe
c:\documents and settings\hex123.exe
c:\documents and settings\hex1433.exe
c:\documents and settings\onwser.exe
c:\documents and settings\s1.exe
c:\documents and settings\st1.exe
c:\windows\system32\60hack.exe
c:\windows\system32\cpp.exe
c:\windows\system32\drivers\4255546.sys
c:\windows\system32\drivers\42555461.sys
c:\windows\system32\drivers\42555462.sys
c:\windows\system32\fpp.exe
c:\windows\system32\hex1433.exe
c:\windows\system32\i1734
c:\windows\system32\i1734\A22.exe
c:\windows\system32\i1734\D001.exe
c:\windows\system32\i1734\F001.exe
c:\windows\system32\i1734\G001.exe
c:\windows\system32\i1734\H001.exe
c:\windows\system32\i1734\H002.exe
c:\windows\system32\i1734\JATE.exe
c:\windows\system32\i1734\JBSB.exe
c:\windows\system32\i1952
c:\windows\system32\i1952\D001.exe
c:\windows\system32\i1952\F001.exe
c:\windows\system32\i1952\G001.exe
c:\windows\system32\i1952\H002.exe
c:\windows\system32\i1952\JATE.exe
c:\windows\system32\i1952\JBSB.exe
c:\windows\system32\i2383
c:\windows\system32\i3677
c:\windows\system32\i4022
c:\windows\system32\i4080
c:\windows\system32\i5165
c:\windows\system32\i5169
c:\windows\system32\i5169\A22.exe
c:\windows\system32\i5335
c:\windows\system32\i5335\A22.exe
c:\windows\system32\i5335\D001.exe
c:\windows\system32\i5335\F001.exe
c:\windows\system32\i5335\G001.exe
c:\windows\system32\i5335\H001.exe
c:\windows\system32\i5335\H002.exe
c:\windows\system32\i5335\JATE.exe
c:\windows\system32\i5335\JBSB.exe
c:\windows\system32\i5526
c:\windows\system32\i6044
c:\windows\system32\i6044\A22.exe
c:\windows\system32\i6044\D001.exe
c:\windows\system32\i6044\F001.exe
c:\windows\system32\i6044\G001.exe
c:\windows\system32\i6044\H001.exe
c:\windows\system32\i6044\H002.exe
c:\windows\system32\i6044\JATE.exe
c:\windows\system32\i6044\JBSB.exe
c:\windows\system32\i6231
c:\windows\system32\i6474
c:\windows\system32\i6521
c:\windows\system32\i6926
c:\windows\system32\i6949
c:\windows\system32\i7242
c:\windows\system32\i7384
c:\windows\system32\i7469
c:\windows\system32\i8042
c:\windows\system32\i8291
c:\windows\system32\i8291\A22.exe
c:\windows\system32\i8291\D.bat
c:\windows\system32\i8291\D001.exe
c:\windows\system32\i9041
c:\windows\system32\spp.exe
c:\windows\system32\tffp.exe
c:\windows\system32\wbem\gaibian.exe
c:\windows\system32\winghost.exe
c:\windows\winsys.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_42555461
-------\Legacy_42555462
-------\Legacy_SETUP_9.0.0.722_01.09.2010_04-16DRV
-------\Service_42555461
-------\Service_42555462
-------\Service_setup_9.0.0.722_01.09.2010_04-16drv
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-23 20:26 . 2011-08-23 20:26 119446862 ----a-w- C:\registrybackup.reg
2011-08-23 12:23 . 2011-08-23 12:23 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 12:22 . 2011-08-23 12:22 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-23 11:38 . 2011-08-23 11:38 -------- d-----w- c:\documents and settings\MJ\Application Data\SUPERAntiSpyware.com
2011-08-23 11:37 . 2011-08-23 11:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-23 11:37 . 2011-08-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- C:\_OTL
2011-08-23 03:13 . 2011-08-23 03:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-08-22 19:45 . 2011-08-22 19:45 -------- d-----w- c:\documents and settings\MJ\DoctorWeb
2011-08-22 18:53 . 2011-08-22 18:53 -------- d-----w- C:\VundoFix Backups
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\MJ\Application Data\Malwarebytes
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 18:06 . 2011-08-22 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 18:06 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 12:50 . 2011-08-22 14:06 -------- d-----w- C:\Clipart
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
2011-08-22 12:50 . 2001-01-19 07:21 28416 ----a-w- c:\windows\system32\drivers\WNTPPORT.SYS
2011-08-22 12:50 . 2000-05-03 09:26 244232 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-08-22 12:50 . 1999-05-06 16:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-22 12:50 . 1998-10-29 08:58 20644 ----a-w- c:\windows\system32\EMTRANS.VXD
2011-08-22 12:50 . 1997-01-21 10:16 133392 ----a-w- c:\windows\system32\MSMAPI32.OCX
2011-08-15 05:15 . 2011-08-15 05:15 -------- d-----w- c:\documents and settings\MJ\Application Data\FVDToolbar
2011-08-11 21:42 . 2011-08-11 21:42 -------- d-----w- c:\documents and settings\MJ\Application Data\Avira
2011-08-11 21:28 . 2011-07-21 04:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-11 21:28 . 2011-07-21 04:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-11 21:28 . 2010-06-17 07:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-11 21:28 . 2010-06-17 07:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\program files\Avira
2011-08-11 21:28 . 2011-08-11 21:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-11 21:24 . 2011-08-11 21:24 -------- d-----w- C:\Avira
2011-08-11 18:39 . 2011-08-11 18:39 0 ----a-w- c:\windows\system32\mcsql.vbs
2011-07-31 22:14 . 2011-07-31 22:16 -------- d-----w- c:\documents and settings\MJ\Local Settings\Application Data\FVD Suite
2011-07-31 04:16 . 2011-07-31 04:57 -------- d-----w- c:\documents and settings\Irving\Local Settings\Application Data\FVD Suite
2011-07-31 04:13 . 2011-08-15 05:15 -------- d--h--w- c:\program files\FVD Suite
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:22 . 2010-05-24 13:31 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-22 12:26 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP4dd1.tmp
2011-08-22 12:17 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP46bd.tmp
2011-07-05 16:36 . 2011-07-05 16:36 9216 ----a-r- c:\documents and settings\MJ\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-08-18 06:01 . 2011-03-23 22:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-24 07:52 . 2011-08-24 07:52 16384 c:\windows\temp\Perflib_Perfdata_788.dat
+ 2011-08-24 07:52 . 2011-08-24 07:52 16384 c:\windows\temp\Perflib_Perfdata_754.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2011-08-23 12:22 . 2011-08-23 12:22 157472 c:\windows\system32\javaws.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\javaw.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\javaw.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\java.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\java.exe
+ 2011-08-23 12:23 . 2011-08-23 12:23 203776 c:\windows\Installer\749179.msi
+ 2011-08-23 12:22 . 2011-08-23 12:22 902656 c:\windows\Installer\749171.msi
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\sethc.exe
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\dllcache\sethc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-27 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-9 477736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-18 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"k:\\Dragon Age\\bin_ship\\daorigins.exe"=
"k:\\Dragon Age\\DAOriginsLauncher.exe"=
"k:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [5/13/2010 8:12 AM 484352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2011 5:28 AM 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/24/2011 5:58 PM 2214504]
R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [8/22/2011 8:50 PM 28416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/13/2010 10:02 AM 119528]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/9/2011 6:40 PM 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 Tcpz-x86;Tcpz-x86;\??\c:\tcpz-x86.sys --> c:\Tcpz-x86.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 9:56 AM 1684736]
S3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8/2/2010 4:19 PM 14336]
S3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8/2/2010 4:19 PM 20864]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8/2/2010 4:19 PM 19968]
S3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8/2/2010 4:19 PM 24960]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [8/2/2010 4:19 PM 23040]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [8/2/2010 4:19 PM 22272]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [8/2/2010 4:19 PM 27776]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [8/2/2010 4:19 PM 66816]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/9/2011 6:35 PM 31312]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\dragon age\bin_ship\daupdatersvc.service.exe [12/16/2009 4:07 AM 25832]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 8:11 AM 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:07 AM 41272]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [8/22/2011 8:50 PM 13359]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
imgsvc REG_MULTI_SZ StiSvc Please Input Service Name
xcvs REG_MULTI_SZ xcvs
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15161&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 202.8.224.36 202.8.224.39
TCP: Interfaces\{56E4BDAE-AFFC-4749-8E1C-5F2C133402B6}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D033C36-3894-4E86-818D-2D141154C4BF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8BE85404-7DE2-4429-A5FE-C0B39B413BB3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-24 15:53
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
**************************************************************************
.
Completion time: 2011-08-24 15:58:42 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 07:58
ComboFix2.txt 2011-08-24 07:16
ComboFix3.txt 2011-08-23 21:12
ComboFix4.txt 2011-08-23 14:41
ComboFix5.txt 2011-08-24 07:39
.
Pre-Run: 4,967,182,336 bytes free
Post-Run: 4,849,577,984 bytes free
.
- - End Of File - - 178129432F12127EEDAE799F33040BDA



COMODO is now telling me of a file named sqlagent trying to open a file named on33, which I'm blocking.

#13
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

It looks like we are making some progress. You still seem to have some nasties lurking.

COMODO is now telling me of a file named sqlagent trying to open a file named on33, which I'm blocking.

Please continue to block this file.


ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

http://www.geekstogo.com/forum/topic/306401-recurring-trdroppergen/page__view__findpost__p__2052726
KillAll::
Suspect::[102]
c:\windows\DUMP4dd1.tmp
c:\windows\DUMP46bd.tmp
File::
c:\Tcpz-x86.sys
Driver::
Tcpz-x86

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT:



Malwarebytes' Anti-Malware

I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform quick scan, then click on Scan
  • Leave the default options as they are and click on Start Scan
  • When done, you will be prompted. Click OK, then click on Show Results
  • Check (tick) all items and click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.
Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#14
mjhermano

    Member

  • Topic Starter
  • Member
  • 14 posts
I'm not sure if the forum link was supposed to be in that script, but I put it in anyway. Didn't seem to change anything, but a file was uploaded. I got rid of the tcpz-x86 in a scan earlier today, too, but included it anyway.

Anyway, Combofix log:


ComboFix 11-08-24.04 - MJ 08/25/2011 4:56.15.4 - x86 MINIMAL
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1695 [GMT 8:00]
Running from: c:\documents and settings\MJ\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\MJ\Desktop\cfscript4.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\Tcpz-x86.sys"
.
file zipped: c:\windows\DUMP46bd.tmp
file zipped: c:\windows\DUMP4dd1.tmp
.
ADS - WINDOWS: deleted 0 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\xpQD.exe
c:\windows\winsys.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-24 to 2011-08-24 )))))))))))))))))))))))))))))))
.
.
2011-08-24 20:44 . 2011-08-24 20:45 167383 ----a-w- c:\documents and settings\onSetup.exe
2011-08-24 20:44 . 2011-08-24 20:45 167383 ----a-w- c:\windows\system32\onSetup.exe
2011-08-24 19:48 . 2011-08-24 19:48 51200 ----a-w- C:\bootQD.exe
2011-08-24 19:48 . 2011-08-24 19:48 51200 ----a-w- c:\windows\system32\bootQD.exe
2011-08-24 19:48 . 2011-08-24 19:48 69 ----a-w- C:\xpQD.exe
2011-08-24 19:35 . 2011-08-24 19:35 53248 ----a-w- c:\windows\system32\hex1.exe
2011-08-24 19:35 . 2011-08-24 20:41 32256 ----a-w- c:\windows\system32\winghost.exe
2011-08-24 19:34 . 2011-08-24 20:41 53248 ----a-w- c:\windows\system32\on1.exe
2011-08-24 19:34 . 2011-08-24 19:34 53248 ----a-w- c:\documents and settings\on1.exe
2011-08-23 20:26 . 2011-08-23 20:26 119446862 ----a-w- C:\registrybackup.reg
2011-08-23 12:23 . 2011-08-23 12:23 -------- d-----w- c:\program files\Common Files\Java
2011-08-23 12:22 . 2011-08-23 12:22 -------- d-----w- c:\program files\Java
2011-08-23 11:38 . 2011-08-23 11:38 -------- d-----w- c:\documents and settings\MJ\Application Data\SUPERAntiSpyware.com
2011-08-23 11:37 . 2011-08-23 11:38 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-23 11:37 . 2011-08-23 11:37 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-08-23 08:36 . 2011-08-23 08:36 -------- d-----w- C:\_OTL
2011-08-23 03:13 . 2011-08-23 03:13 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Yahoo!
2011-08-22 19:45 . 2011-08-22 19:45 -------- d-----w- c:\documents and settings\MJ\DoctorWeb
2011-08-22 18:53 . 2011-08-22 18:53 -------- d-----w- C:\VundoFix Backups
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\MJ\Application Data\Malwarebytes
2011-08-22 18:07 . 2011-07-06 11:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 18:07 . 2011-08-22 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 18:06 . 2011-08-22 18:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 18:06 . 2011-07-06 11:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 12:50 . 2011-08-22 14:06 -------- d-----w- C:\Clipart
2011-08-22 12:50 . 2003-08-01 05:00 13359 ----a-w- c:\windows\system32\drivers\SYDEXFDD.SYS
2011-08-22 12:50 . 2001-01-19 07:21 28416 ----a-w- c:\windows\system32\drivers\WNTPPORT.SYS
2011-08-22 12:50 . 2000-05-03 09:26 244232 ----a-w- c:\windows\system32\MSFLXGRD.OCX
2011-08-22 12:50 . 1999-05-06 16:00 140288 ----a-w- c:\windows\system32\COMDLG32.OCX
2011-08-22 12:50 . 1998-10-29 08:58 20644 ----a-w- c:\windows\system32\EMTRANS.VXD
2011-08-22 12:50 . 1997-01-21 10:16 133392 ----a-w- c:\windows\system32\MSMAPI32.OCX
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-23 12:22 . 2010-05-24 13:31 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-08-22 12:26 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP4dd1.tmp
2011-08-22 12:17 . 2010-05-13 09:24 81920 ----a-w- c:\windows\DUMP46bd.tmp
2011-07-05 16:36 . 2011-07-05 16:36 9216 ----a-r- c:\documents and settings\MJ\Application Data\Microsoft\Installer\{7426428E-71D4-452C-BA13-B14E5EB52859}\Icon7426428E16.exe
2011-08-18 06:01 . 2011-03-23 22:20 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( [email protected]_22.02.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-08-22 20:38 . 2011-08-22 20:38 16384 c:\windows\Temp\Perflib_Perfdata_684.dat
+ 2011-08-24 21:07 . 2011-08-24 21:07 16384 c:\windows\temp\Perflib_Perfdata_684.dat
+ 2011-08-24 21:07 . 2011-08-24 21:07 16384 c:\windows\temp\Perflib_Perfdata_630.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-13 16:43 . 2011-08-23 13:45 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-05-13 16:43 . 2011-08-22 16:29 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2010-12-21 14:11 . 2010-12-21 14:11 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 157472 c:\windows\system32\javaws.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\javaw.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\javaw.exe
+ 2011-08-23 12:22 . 2011-08-23 12:22 145184 c:\windows\system32\java.exe
- 2010-12-21 14:11 . 2010-12-21 14:11 145184 c:\windows\system32\java.exe
+ 2011-08-23 12:23 . 2011-08-23 12:23 203776 c:\windows\Installer\749179.msi
+ 2011-08-23 12:22 . 2011-08-23 12:22 902656 c:\windows\Installer\749171.msi
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\sethc.exe
+ 2004-08-03 22:56 . 2004-08-03 22:56 1032192 c:\windows\system32\dllcache\sethc.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-05-27 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"RTHDCPL"="RTHDCPL.EXE" [2009-08-14 18702336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-25 136192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"FixCamera"="c:\windows\FixCamera.exe" [2008-08-21 188928]
"tsnp2uvc"="c:\windows\tsnp2uvc.exe" [2009-12-11 320512]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-05-09 2552648]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-04 1632360]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-20 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\MJ\Start Menu\Programs\Startup\
PdaNet Desktop.lnk - c:\program files\PdaNet for Android\PdaNetPC.exe [2011-6-9 477736]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-18 74308]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\CAPCOM\\STREETFIGHTERIV\\StreetFighterIV.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"k:\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"k:\\Dragon Age\\bin_ship\\daorigins.exe"=
"k:\\Dragon Age\\DAOriginsLauncher.exe"=
"k:\\Dragon Age\\bin_ship\\daupdatersvc.service.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
.
R0 AladdinUsbFilter;AladdinUsbFilterService;c:\windows\system32\drivers\AladdinUsbFilter.sys [5/13/2010 8:12 AM 484352]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242472]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/23/2011 12:27 AM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/13/2011 5:55 AM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 7:38 AM 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/12/2011 5:28 AM 136360]
R2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO livePCsupport\CLPSLS.exe [2/19/2010 5:00 PM 148744]
R2 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Nitro PDF\Professional\NitroPDFDriverService.exe [12/16/2009 10:09 AM 188736]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [12/16/2009 10:11 AM 65856]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/24/2011 5:58 PM 2214504]
R2 wntpport;wntpport;c:\windows\system32\drivers\WNTPPORT.SYS [8/22/2011 8:50 PM 28416]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\drivers\lgandbus.sys [8/2/2010 4:19 PM 14336]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\drivers\lganddiag.sys [8/2/2010 4:19 PM 20864]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\drivers\lgandgps.sys [8/2/2010 4:19 PM 19968]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\drivers\lgandmodem.sys [8/2/2010 4:19 PM 24960]
R3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\androidusb.sys [6/9/2011 6:35 PM 31312]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [5/13/2010 10:02 AM 119528]
R3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [6/9/2011 6:40 PM 13312]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [5/13/2010 9:56 AM 1684736]
S3 AndNetDiag;LG AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [8/2/2010 4:19 PM 23040]
S3 AndNetGps;LG AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [8/2/2010 4:19 PM 22272]
S3 ANDNetModem;LG AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [8/2/2010 4:19 PM 27776]
S3 andnetndis;LG AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [8/2/2010 4:19 PM 66816]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;k:\dragon age\bin_ship\daupdatersvc.service.exe [12/16/2009 4:07 AM 25832]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\drivers\lgbtport.sys [9/29/2009 8:11 AM 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys --> c:\windows\system32\DRIVERS\lgbtbus.sys [?]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys --> c:\windows\system32\DRIVERS\lgvmodem.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/23/2011 2:07 AM 41272]
S3 SydexFDD;Sydex Diskette Driver;c:\windows\system32\drivers\SYDEXFDD.SYS [8/22/2011 8:50 PM 13359]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
imgsvc REG_MULTI_SZ StiSvc Please Input Service Name Nxixnv Orirebul Umb
xcvs REG_MULTI_SZ xcvs
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003Core.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
2011-08-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-448539723-725345543-1003UA.job
- c:\documents and settings\MJ\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-01 20:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.ask.com/?o=15161&l=dis
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: LG Air Sync (R-Click) - Save as Mobile Image - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/206
IE: LG Air Sync (R-Click) - Save as Mobile Memo - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/208
IE: LG Air Sync (R-Click) - Save as Mobile Text file - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/210
IE: LG Air Sync (R-Click) - Set as Mobile Wallpaper - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/205
IE: LG Air Sync Option - c:\program files\LG Electronics\LG PC Suite IV\LinkAir\IEContextMenu.dll/209
TCP: DhcpNameServer = 202.8.224.36 202.8.224.39
TCP: Interfaces\{56E4BDAE-AFFC-4749-8E1C-5F2C133402B6}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{7D033C36-3894-4E86-818D-2D141154C4BF}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{8BE85404-7DE2-4429-A5FE-C0B39B413BB3}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\documents and settings\MJ\Application Data\Mozilla\Firefox\Profiles\9j7isrn4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: network.proxy.type - 4
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-25 05:08
Windows 5.1.2600 Service Pack 2 NTFS
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1048)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1104)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3804)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\RunDLL32.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DWTRIG20.EXE
.
**************************************************************************
.
Completion time: 2011-08-25 05:14:05 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-24 21:14
ComboFix2.txt 2011-08-24 19:09
ComboFix3.txt 2011-08-24 18:42
ComboFix4.txt 2011-08-24 18:01
ComboFix5.txt 2011-08-24 20:55
.
Pre-Run: 4,699,246,592 bytes free
Post-Run: 4,594,966,528 bytes free
.
- - End Of File - - CA9E99423B5EA169D71E1B52090B611A
Upload was successful

MBAM Log

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7557

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

8/25/2011 5:30:04 AM
mbam-log-2011-08-25 (05-30-04).txt

Scan type: Quick scan
Objects scanned: 208771
Time elapsed: 2 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess\RouterManagers\Ip\DLLPath (Hijack.Iprouter) -> Bad: (C:\3215600.dll) Good: (%SystemRoot%\System32\iprtrmgr.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\system32\winghost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\p.exe (Backdoor.Bot) -> Quarantined and deleted successfully.

#15
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hi!

Yes, the link was supposed to be included in the script.

You're still pretty heavily infected and we might encounter a situation where the only solution will be to reformat and re-install.


One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?


We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.



NEXT:



ComboFix Script
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, and click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

KillAll::
File::
c:\documents and settings\onSetup.exe
c:\windows\system32\onSetup.exe
C:\bootQD.exe
c:\windows\system32\bootQD.exe
C:\xpQD.exe
c:\windows\system32\hex1.exe
c:\windows\system32\winghost.exe
c:\windows\system32\on1.exe
c:\documents and settings\on1.exe
Driver::
xcvs
Nxixnv
Orirebul
Umb

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save this as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. If ComboFix prompts you to update to the newest version, please allow it to do so. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
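
A check that can be run on the log that comes back, as an added example that is not part of the post above or of ComboFix: it parses the CFScript into its `Name::` sections and reports every File:: path or Driver:: name that the new log still mentions, which is the sign that the files have returned. The follow-up log excerpt is constructed, and the function names are hypothetical.

```python
import re
# The CFScript as posted above.
CFSCRIPT = r"""KillAll::
File::
c:\documents and settings\onSetup.exe
c:\windows\system32\onSetup.exe
C:\bootQD.exe
c:\windows\system32\bootQD.exe
C:\xpQD.exe
c:\windows\system32\hex1.exe
c:\windows\system32\winghost.exe
c:\windows\system32\on1.exe
c:\documents and settings\on1.exe
Driver::
xcvs
Nxixnv
Orirebul
Umb
"""
# Constructed follow-up log excerpt (not from the thread), in ComboFix's layout.
SAMPLE_LOG = r"""imgsvc REG_MULTI_SZ StiSvc Nxixnv Umb
2011-08-25 01:10 . 2011-08-25 01:10 24576 ----a-w- c:\windows\system32\on1.exe
c:\documents and settings\MJ\My Documents\Thumbs.db
"""

def parse_cfscript(text):
    """Split a ComboFix script into {section name: [entries]}."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"(\w+)::", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif line and current is not None:
            current.append(line)
    return sections

def leftovers(script, log):
    """Return (log line no., section, target) for targets the log still mentions."""
    hits = []
    for n, line in enumerate(log.splitlines(), 1):
        # Windows paths are case-insensitive, so compare lowercased.
        hits += [(n, "File", p) for p in script.get("File", []) if p.lower() in line.lower()]
        for name in script.get("Driver", []):
            # Whole-token match so "Umb" does not fire on "Thumbs.db".
            if re.search(rf"(?<![\w.]){re.escape(name)}(?![\w.])", line, re.I):
                hits.append((n, "Driver", name))
    return hits

if __name__ == "__main__":
    print(leftovers(parse_cfscript(CFSCRIPT), SAMPLE_LOG))
```

An empty result only means the log no longer lists those names; it does not show that the machine is clean.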